From 034ea7e754e74a94945e25615aea8f39e9e06222 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 28 Apr 2017 15:14:50 +0100 Subject: [PATCH 01/43] Add int return values to SHA1 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha1() * mbedtls_sha1_starts() * mbedtls_sha1_update() * mbedtls_sha1_finish() * mbedtls_sha1_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha1.h | 132 +++++++++++++++++++++++++++++++++++++++-- library/sha1.c | 90 ++++++++++++++++++++-------- 2 files changed, 192 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 7a67c6c1f..9dde5b89e 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA1_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * \brief SHA-1 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); /** * \brief SHA-1 process buffer @@ -87,19 +94,103 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); * \param ctx SHA-1 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-1 final digest * * \param ctx SHA-1 context * \param output SHA-1 checksum result + * + * \return 0 if successful */ -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ); +int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, + unsigned char output[20] ); -/* Internal use */ -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ); +/** + * \brief SHA-1 process data block (internal use only) + * + * \param ctx SHA-1 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-1 context setup + * + * \deprecated Superseded by mbedtls_sha1_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( + mbedtls_sha1_context *ctx ) +{ + mbedtls_sha1_starts_ext( ctx ); +} + +/** + * \brief SHA-1 process buffer + * + * \deprecated Superseded by mbedtls_sha1_update_ext() in 2.5.0 + * + * \param ctx SHA-1 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( + mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha1_update_ext( ctx, input, ilen ); +} + +/** + * \brief SHA-1 final digest + * + * \deprecated Superseded by mbedtls_sha1_finish_ext() in 2.5.0 + * + * \param ctx SHA-1 context + * \param output SHA-1 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( + mbedtls_sha1_context *ctx, + unsigned char output[20] ) +{ + mbedtls_sha1_finish_ext( ctx, output ); +} + +/** + * \brief SHA-1 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha1_process_ext() in 2.5.0 + * + * \param ctx SHA-1 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( + mbedtls_sha1_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_sha1_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -119,8 +210,37 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result + * + * \return 0 if successful */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ); +int mbedtls_sha1_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-1( input buffer ) + * + * \deprecated Superseded by mbedtls_sha1_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-1 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) +{ + mbedtls_sha1_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/sha1.c b/library/sha1.c index 2ccf2a2f5..d2ec8bae9 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -97,7 +97,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -107,10 +107,13 @@ void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; + + return( 0 ); } #if !defined(MBEDTLS_SHA1_PROCESS_ALT) -void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) +int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) { uint32_t temp, W[16], A, B, C, D, E; @@ -264,19 +267,24 @@ void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[6 ctx->state[2] += C; ctx->state[3] += D; ctx->state[4] += E; + + return( 0 ); } #endif /* !MBEDTLS_SHA1_PROCESS_ALT */ /* * SHA-1 process buffer */ -void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -290,7 +298,10 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha1_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha1_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -298,13 +309,17 @@ void mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, while( ilen >= 64 ) { - mbedtls_sha1_process( ctx, input ); + if( ( ret = mbedtls_sha1_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha1_padding[64] = @@ -318,8 +333,10 @@ static const unsigned char sha1_padding[64] = /* * SHA-1 final digest */ -void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) +int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, + unsigned char output[20] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -334,14 +351,18 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_sha1_update( ctx, sha1_padding, padn ); - mbedtls_sha1_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_sha1_update_ext( ctx, sha1_padding, padn ) ) != 0 ) + return( ret ); + if( ( ret = mbedtls_sha1_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); PUT_UINT32_BE( ctx->state[2], output, 8 ); PUT_UINT32_BE( ctx->state[3], output, 12 ); PUT_UINT32_BE( ctx->state[4], output, 16 ); + + return( 0 ); } #endif /* !MBEDTLS_SHA1_ALT */ @@ -349,15 +370,27 @@ void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) /* * output = SHA-1( input buffer ) */ -void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) +int mbedtls_sha1_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) { + int ret; mbedtls_sha1_context ctx; mbedtls_sha1_init( &ctx ); - mbedtls_sha1_starts( &ctx ); - mbedtls_sha1_update( &ctx, input, ilen ); - mbedtls_sha1_finish( &ctx, output ); + + if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha1_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha1_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -406,29 +439,30 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - mbedtls_sha1_starts( &ctx ); + if( mbedtls_sha1_starts_ext( &ctx ) != 0 ) + goto fail; if( i == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha1_update( &ctx, buf, buflen ); + { + if( mbedtls_sha1_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; + } } else - mbedtls_sha1_update( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ); + { + if( mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], + sha1_test_buflen[i] ) != 0 ) + goto fail; + } - mbedtls_sha1_finish( &ctx, sha1sum ); + mbedtls_sha1_finish_ext( &ctx, sha1sum ); if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; goto exit; - } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -437,6 +471,14 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha1_free( &ctx ); From 1d85213602167ddfed3e5b52c2916321e1688dbf Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 28 Apr 2017 16:21:40 +0100 Subject: [PATCH 02/43] Add int return values to MD2 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_md2() * mbedtls_md2_starts() * mbedtls_md2_update() * mbedtls_md2_finish() * mbedtls_md2_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/md2.h | 130 +++++++++++++++++++++++++++++++++++++++--- library/md2.c | 69 ++++++++++++++++------ 2 files changed, 173 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 0f93fbf42..1f3b10773 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -31,6 +31,11 @@ #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_MD2_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * \brief MD2 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_md2_starts( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer @@ -87,16 +94,99 @@ void mbedtls_md2_starts( mbedtls_md2_context *ctx ); * \param ctx MD2 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD2 final digest * * \param ctx MD2 context * \param output MD2 checksum result + * + * \return 0 if successful */ -void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ); +int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, + unsigned char output[16] ); + +/** + * \brief MD2 process data block (internal use only) + * + * \param ctx MD2 context + * + * \return 0 if successful + */ +int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief MD2 context setup + * + * \deprecated Superseded by mbedtls_md2_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( + mbedtls_md2_context *ctx ) +{ + mbedtls_md2_starts_ext( ctx ); +} + +/** + * \brief MD2 process buffer + * + * \deprecated Superseded by mbedtls_md2_update_ext() in 2.5.0 + * + * \param ctx MD2 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( + mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md2_update_ext( ctx, input, ilen ); +} + +/** + * \brief MD2 final digest + * + * \deprecated Superseded by mbedtls_md2_finish_ext() in 2.5.0 + * + * \param ctx MD2 context + * \param output MD2 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( + mbedtls_md2_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md2_finish_ext( ctx, output ); +} + +/** + * \brief MD2 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_md2_process_ext() in 2.5.0 + * + * \param ctx MD2 context + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( + mbedtls_md2_context *ctx ) +{ + mbedtls_md2_process_ext( ctx ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -117,7 +207,36 @@ extern "C" { * \param ilen length of the input data * \param output MD2 checksum result */ -void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ); +int mbedtls_md2_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = MD2( input buffer ) + * + * \deprecated Superseded by mbedtls_md2() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD2 checksum result + * + * \return 0 if successful + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md2_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine @@ -126,9 +245,6 @@ void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[ */ int mbedtls_md2_self_test( int verbose ); -/* Internal use */ -void mbedtls_md2_process( mbedtls_md2_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/md2.c b/library/md2.c index 95cbcce65..7dd2b6bcb 100644 --- a/library/md2.c +++ b/library/md2.c @@ -105,16 +105,18 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /* * MD2 context setup */ -void mbedtls_md2_starts( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ) { memset( ctx->cksum, 0, 16 ); memset( ctx->state, 0, 46 ); memset( ctx->buffer, 0, 16 ); ctx->left = 0; + + return( 0 ); } #if !defined(MBEDTLS_MD2_PROCESS_ALT) -void mbedtls_md2_process( mbedtls_md2_context *ctx ) +int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ) { int i, j; unsigned char t = 0; @@ -146,14 +148,19 @@ void mbedtls_md2_process( mbedtls_md2_context *ctx ) ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); t = ctx->cksum[i]; } + + return( 0 ); } #endif /* !MBEDTLS_MD2_PROCESS_ALT */ /* * MD2 process buffer */ -void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; while( ilen > 0 ) @@ -172,16 +179,21 @@ void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, s if( ctx->left == 16 ) { ctx->left = 0; - mbedtls_md2_process( ctx ); + if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + return( ret ); } } + + return( 0 ); } /* * MD2 final digest */ -void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) +int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, + unsigned char output[16] ) { + int ret; size_t i; unsigned char x; @@ -190,12 +202,16 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) for( i = ctx->left; i < 16; i++ ) ctx->buffer[i] = x; - mbedtls_md2_process( ctx ); + if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + return( ret ); memcpy( ctx->buffer, ctx->cksum, 16 ); - mbedtls_md2_process( ctx ); + if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + return( ret ); memcpy( output, ctx->state, 16 ); + + return( 0 ); } #endif /* !MBEDTLS_MD2_ALT */ @@ -203,15 +219,28 @@ void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) /* * output = MD2( input buffer ) */ -void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md2_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) { + int ret; mbedtls_md2_context ctx; mbedtls_md2_init( &ctx ); - mbedtls_md2_starts( &ctx ); - mbedtls_md2_update( &ctx, input, ilen ); - mbedtls_md2_finish( &ctx, output ); + + if( ( ret = mbedtls_md2_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md2_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md2_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + + mbedtls_md2_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -262,16 +291,12 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - mbedtls_md2( (unsigned char *) md2_test_str[i], - strlen( md2_test_str[i] ), md2sum ); + if( mbedtls_md2_ext( (unsigned char *)md2_test_str[i], + strlen( md2_test_str[i] ), md2sum ) != 0 ) + goto fail; if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -281,6 +306,12 @@ int mbedtls_md2_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From bee0635b1593d879504e04136c3d10ce36cd6e34 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 28 Apr 2017 17:00:30 +0100 Subject: [PATCH 03/43] Add int return values to MD4 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_md4() * mbedtls_md4_starts() * mbedtls_md4_update() * mbedtls_md4_finish() * mbedtls_md4_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/md4.h | 134 +++++++++++++++++++++++++++++++++++++++--- library/md4.c | 80 ++++++++++++++++++------- 2 files changed, 186 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 45214d41d..7968b69a0 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_MD4_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * \brief MD4 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_md4_starts( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer @@ -87,16 +94,103 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx ); * \param ctx MD4 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD4 final digest * * \param ctx MD4 context * \param output MD4 checksum result + * + * \return 0 if successful */ -void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ); +int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, + unsigned char output[16] ); + +/** + * \brief MD4 process data block (internal use only) + * + * \param ctx MD4 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief MD4 context setup + * + * \deprecated Superseded by mbedtls_md4_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( + mbedtls_md4_context *ctx ) +{ + mbedtls_md4_starts_ext( ctx ); +} + +/** + * \brief MD4 process buffer + * + * \deprecated Superseded by mbedtls_md4_update_ext() in 2.5.0 + * + * \param ctx MD4 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( + mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md4_update_ext( ctx, input, ilen ); +} + +/** + * \brief MD4 final digest + * + * \deprecated Superseded by mbedtls_md4_finish_ext() in 2.5.0 + * + * \param ctx MD4 context + * \param output MD4 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( + mbedtls_md4_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md4_finish_ext( ctx, output ); +} + +/** + * \brief MD4 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_md4_process_ext() in 2.5.0 + * + * \param ctx MD4 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( + mbedtls_md4_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_md4_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -116,8 +210,37 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result + * + * \return 0 if successful */ -void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ); +int mbedtls_md4_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = MD4( input buffer ) + * + * \deprecated Superseded by mbedtls_md4_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD4 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md4_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine @@ -126,9 +249,6 @@ void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[ */ int mbedtls_md4_self_test( int verbose ); -/* Internal use */ -void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ); - #ifdef __cplusplus } #endif diff --git a/library/md4.c b/library/md4.c index 11a77e3ae..9239b6344 100644 --- a/library/md4.c +++ b/library/md4.c @@ -98,7 +98,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /* * MD4 context setup */ -void mbedtls_md4_starts( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -107,10 +107,13 @@ void mbedtls_md4_starts( mbedtls_md4_context *ctx ) ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; + + return( 0 ); } #if !defined(MBEDTLS_MD4_PROCESS_ALT) -void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ) +int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -211,19 +214,24 @@ void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D; + + return( 0 ); } #endif /* !MBEDTLS_MD4_PROCESS_ALT */ /* * MD4 process buffer */ -void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -238,7 +246,10 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s { memcpy( (void *) (ctx->buffer + left), (void *) input, fill ); - mbedtls_md4_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_md4_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -246,7 +257,9 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s while( ilen >= 64 ) { - mbedtls_md4_process( ctx, input ); + if( ( ret = mbedtls_md4_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } @@ -256,6 +269,8 @@ void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, s memcpy( (void *) (ctx->buffer + left), (void *) input, ilen ); } + + return( 0 ); } static const unsigned char md4_padding[64] = @@ -269,8 +284,10 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) +int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, + unsigned char output[16] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -285,13 +302,20 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_md4_update( ctx, (unsigned char *) md4_padding, padn ); - mbedtls_md4_update( ctx, msglen, 8 ); + ret = mbedtls_md4_update_ext( ctx, (unsigned char *)md4_padding, padn ); + if( ret != 0 ) + return( ret ); + + if( ( ret = mbedtls_md4_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); + PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 ); + + return( 0 ); } #endif /* !MBEDTLS_MD4_ALT */ @@ -299,15 +323,27 @@ void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) /* * output = MD4( input buffer ) */ -void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md4_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) { + int ret; mbedtls_md4_context ctx; mbedtls_md4_init( &ctx ); - mbedtls_md4_starts( &ctx ); - mbedtls_md4_update( &ctx, input, ilen ); - mbedtls_md4_finish( &ctx, output ); + + if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_md4_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -358,16 +394,12 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - mbedtls_md4( (unsigned char *) md4_test_str[i], - strlen( md4_test_str[i] ), md4sum ); + if( mbedtls_md4_ext( (unsigned char *) md4_test_str[i], + strlen( md4_test_str[i] ), md4sum ) != 0 ) + goto fail; if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -377,6 +409,12 @@ int mbedtls_md4_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From 2cfd7a982cd8de8a091104c081f61135b4487e47 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 10:19:27 +0100 Subject: [PATCH 04/43] Add int return values to MD5 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_md5() * mbedtls_md5_starts() * mbedtls_md5_update() * mbedtls_md5_finish() * mbedtls_md5_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/md5.h | 127 ++++++++++++++++++++++++++++++++++++++++-- library/md5.c | 76 ++++++++++++++++++------- 2 files changed, 177 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 5a64061aa..7ecf49f90 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -78,8 +78,10 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * \brief MD5 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer @@ -87,19 +89,103 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx ); * \param ctx MD5 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); +int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD5 final digest * * \param ctx MD5 context * \param output MD5 checksum result + * + * \return 0 if successful */ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ); +int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, + unsigned char output[16] ); -/* Internal use */ -void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ); +/** + * \brief MD5 process data block (internal use only) + * + * \param ctx MD5 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief MD5 context setup + * + * \deprecated Superseded by mbedtls_md5_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( + mbedtls_md5_context *ctx ) +{ + mbedtls_md5_starts_ext( ctx ); +} + +/** + * \brief MD5 process buffer + * + * \deprecated Superseded by mbedtls_md5_update_ext() in 2.5.0 + * + * \param ctx MD5 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( + mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_md5_update_ext( ctx, input, ilen ); +} + +/** + * \brief MD5 final digest + * + * \deprecated Superseded by mbedtls_md5_finish_ext() in 2.5.0 + * + * \param ctx MD5 context + * \param output MD5 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( + mbedtls_md5_context *ctx, + unsigned char output[16] ) +{ + mbedtls_md5_finish_ext( ctx, output ); +} + +/** + * \brief MD5 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_md5_process_ext() in 2.5.0 + * + * \param ctx MD5 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( + mbedtls_md5_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_md5_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -119,8 +205,37 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result + * + * \return 0 if successful */ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ); +int mbedtls_md5_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = MD5( input buffer ) + * + * \deprecated Superseded by mbedtls_md5_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output MD5 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) +{ + mbedtls_md5_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/md5.c b/library/md5.c index 5d972dc9d..dd046af85 100644 --- a/library/md5.c +++ b/library/md5.c @@ -97,7 +97,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /* * MD5 context setup */ -void mbedtls_md5_starts( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -106,10 +106,13 @@ void mbedtls_md5_starts( mbedtls_md5_context *ctx ) ctx->state[1] = 0xEFCDAB89; ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; + + return( 0 ); } #if !defined(MBEDTLS_MD5_PROCESS_ALT) -void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) +int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -230,19 +233,24 @@ void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ctx->state[1] += B; ctx->state[2] += C; ctx->state[3] += D; + + return( 0 ); } #endif /* !MBEDTLS_MD5_PROCESS_ALT */ /* * MD5 process buffer */ -void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) +int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -256,7 +264,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_md5_process( ctx, ctx->buffer ); + if( ( ret = mbedtls_md5_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -264,7 +274,9 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s while( ilen >= 64 ) { - mbedtls_md5_process( ctx, input ); + if( ( ret = mbedtls_md5_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } @@ -273,6 +285,8 @@ void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, s { memcpy( (void *) (ctx->buffer + left), input, ilen ); } + + return( 0 ); } static const unsigned char md5_padding[64] = @@ -286,8 +300,10 @@ static const unsigned char md5_padding[64] = /* * MD5 final digest */ -void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) +int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, + unsigned char output[16] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -302,13 +318,18 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_md5_update( ctx, md5_padding, padn ); - mbedtls_md5_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_md5_update_ext( ctx, md5_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md5_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 ); + + return( 0 ); } #endif /* !MBEDTLS_MD5_ALT */ @@ -316,15 +337,27 @@ void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) /* * output = MD5( input buffer ) */ -void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) +int mbedtls_md5_ext( const unsigned char *input, + size_t ilen, + unsigned char output[16] ) { + int ret; mbedtls_md5_context ctx; mbedtls_md5_init( &ctx ); - mbedtls_md5_starts( &ctx ); - mbedtls_md5_update( &ctx, input, ilen ); - mbedtls_md5_finish( &ctx, output ); + + if( ( ret = mbedtls_md5_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md5_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_md5_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_md5_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -379,15 +412,12 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum ); + if( mbedtls_md5_ext( md5_test_buf[i], + md5_test_buflen[i], md5sum ) != 0 ) + goto fail; if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -397,6 +427,12 @@ int mbedtls_md5_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From b1a8bf9725501333ffe535c6a5bce8d08bd6167b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 10:59:46 +0100 Subject: [PATCH 05/43] Add int return values to RIPEMD-160 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_ripemd160() * mbedtls_ripemd160_starts() * mbedtls_ripemd160_update() * mbedtls_ripemd160_finish() * mbedtls_ripemd160_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/ripemd160.h | 135 +++++++++++++++++++++++++++++++++--- library/ripemd160.c | 87 ++++++++++++++++------- 2 files changed, 189 insertions(+), 33 deletions(-) diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 7083fc859..5ef4700c6 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_RIPEMD160_ALT) // Regular implementation // @@ -78,8 +83,10 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * \brief RIPEMD-160 context setup * * \param ctx context to be initialized + * + * \return 0 if successful */ -void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer @@ -87,20 +94,103 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); * \param ctx RIPEMD-160 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, - const unsigned char *input, size_t ilen ); +int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief RIPEMD-160 final digest * * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result + * + * \return 0 if successful */ -void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ); +int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, + unsigned char output[20] ); -/* Internal use */ -void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ); +/** + * \brief RIPEMD-160 process data block (internal use only) + * + * \param ctx RIPEMD-160 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief RIPEMD-160 context setup + * + * \deprecated Superseded by mbedtls_ripemd160_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( + mbedtls_ripemd160_context *ctx ) +{ + mbedtls_ripemd160_starts_ext( ctx ); +} + +/** + * \brief RIPEMD-160 process buffer + * + * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0 + * + * \param ctx RIPEMD-160 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( + mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_ripemd160_update_ext( ctx, input, ilen ); +} + +/** + * \brief RIPEMD-160 final digest + * + * \deprecated Superseded by mbedtls_ripemd160_finish_ext() in 2.5.0 + * + * \param ctx RIPEMD-160 context + * \param output RIPEMD-160 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( + mbedtls_ripemd160_context *ctx, + unsigned char output[20] ) +{ + mbedtls_ripemd160_finish_ext( ctx, output ); +} + +/** + * \brief RIPEMD-160 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_ripemd160_process_ext() in 2.5.0 + * + * \param ctx RIPEMD-160 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( + mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_ripemd160_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -120,9 +210,38 @@ extern "C" { * \param input buffer holding the data * \param ilen length of the input data * \param output RIPEMD-160 checksum result + * + * \return 0 if successful */ -void mbedtls_ripemd160( const unsigned char *input, size_t ilen, - unsigned char output[20] ); +int mbedtls_ripemd160_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = RIPEMD-160( input buffer ) + * + * \deprecated Superseded by mbedtls_ripemd160_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output RIPEMD-160 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160( + const unsigned char *input, + size_t ilen, + unsigned char output[20] ) +{ + mbedtls_ripemd160_ext( input, ilen, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/ripemd160.c b/library/ripemd160.c index cdb0a63c0..f1d1f1e9d 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -96,7 +96,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, /* * RIPEMD-160 context setup */ -void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) +int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -106,13 +106,16 @@ void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) ctx->state[2] = 0x98BADCFE; ctx->state[3] = 0x10325476; ctx->state[4] = 0xC3D2E1F0; + + return( 0 ); } #if !defined(MBEDTLS_RIPEMD160_PROCESS_ALT) /* * Process one block */ -void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ) +int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; @@ -287,20 +290,24 @@ void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned c ctx->state[3] = ctx->state[4] + A + Bp; ctx->state[4] = ctx->state[0] + B + Cp; ctx->state[0] = C; + + return( 0 ); } #endif /* !MBEDTLS_RIPEMD160_PROCESS_ALT */ /* * RIPEMD-160 process buffer */ -void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, - const unsigned char *input, size_t ilen ) +int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -314,7 +321,10 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_ripemd160_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_ripemd160_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -322,7 +332,9 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, while( ilen >= 64 ) { - mbedtls_ripemd160_process( ctx, input ); + if( ( ret = mbedtls_ripemd160_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } @@ -331,6 +343,8 @@ void mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, ilen ); } + + return( 0 ); } static const unsigned char ripemd160_padding[64] = @@ -344,8 +358,10 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) +int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, + unsigned char output[20] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -360,29 +376,47 @@ void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char out last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_ripemd160_update( ctx, ripemd160_padding, padn ); - mbedtls_ripemd160_update( ctx, msglen, 8 ); + ret = mbedtls_ripemd160_update_ext( ctx, ripemd160_padding, padn ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ripemd160_update_ext( ctx, msglen, 8 ); + if( ret != 0 ) + return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); PUT_UINT32_LE( ctx->state[2], output, 8 ); PUT_UINT32_LE( ctx->state[3], output, 12 ); PUT_UINT32_LE( ctx->state[4], output, 16 ); + + return( 0 ); } /* * output = RIPEMD-160( input buffer ) */ -void mbedtls_ripemd160( const unsigned char *input, size_t ilen, - unsigned char output[20] ) +int mbedtls_ripemd160_ext( const unsigned char *input, + size_t ilen, + unsigned char output[20] ) { + int ret; mbedtls_ripemd160_context ctx; mbedtls_ripemd160_init( &ctx ); - mbedtls_ripemd160_starts( &ctx ); - mbedtls_ripemd160_update( &ctx, input, ilen ); - mbedtls_ripemd160_finish( &ctx, output ); + + if( ( ret = mbedtls_ripemd160_starts_ext( &ctx ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ripemd160_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_ripemd160_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_ripemd160_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -430,7 +464,7 @@ static const unsigned char ripemd160_test_md[TESTS][20] = */ int mbedtls_ripemd160_self_test( int verbose ) { - int i; + int i, ret; unsigned char output[20]; memset( output, 0, sizeof output ); @@ -440,17 +474,14 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - mbedtls_ripemd160( (const unsigned char *) ripemd160_test_input[i], - strlen( ripemd160_test_input[i] ), - output ); + ret = mbedtls_ripemd160_ext( + (const unsigned char *)ripemd160_test_input[i], + strlen( ripemd160_test_input[i] ), output ); + if( ret != 0 ) + goto fail; if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -460,6 +491,12 @@ int mbedtls_ripemd160_self_test( int verbose ) mbedtls_printf( "\n" ); return( 0 ); + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); } #endif /* MBEDTLS_SELF_TEST */ From 72a7f53064e489471a130a06aea0b01a9039899c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 11:38:47 +0100 Subject: [PATCH 06/43] Add int return values to SHA-256 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha256() * mbedtls_sha256_starts() * mbedtls_sha256_update() * mbedtls_sha256_finish() * mbedtls_sha256_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha256.h | 140 ++++++++++++++++++++++++++++++++++++--- library/sha256.c | 97 +++++++++++++++++++-------- 2 files changed, 202 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index f8041adf0..3667e8c10 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA256_ALT) // Regular implementation // @@ -80,8 +85,10 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful */ -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); /** * \brief SHA-256 process buffer @@ -89,20 +96,105 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); * \param ctx SHA-256 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-256 final digest * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result + * + * \return 0 if successful */ -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); +int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, + unsigned char output[32] ); -/* Internal use */ -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); +/** + * \brief SHA-256 process data block (internal use only) + * + * \param ctx SHA-256 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-256 context setup + * + * \deprecated Superseded by mbedtls_sha256_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( + mbedtls_sha256_context *ctx, + int is224 ) +{ + mbedtls_sha256_starts_ext( ctx, is224 ); +} + +/** + * \brief SHA-256 process buffer + * + * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( + mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha256_update_ext( ctx, input, ilen ); +} + +/** + * \brief SHA-256 final digest + * + * \deprecated Superseded by mbedtls_sha256_finish_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( + mbedtls_sha256_context *ctx, + unsigned char output[32] ) +{ + mbedtls_sha256_finish_ext( ctx, output ); +} + +/** + * \brief SHA-256 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha256_process_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( + mbedtls_sha256_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_sha256_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -123,9 +215,41 @@ extern "C" { * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ); +int mbedtls_sha256_ext( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-256( input buffer ) + * + * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256( + const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) +{ + mbedtls_sha256_ext( input, ilen, output, is224 ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/sha256.c b/library/sha256.c index ad25d3833..337b8e643 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -100,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -131,6 +131,8 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) } ctx->is224 = is224; + + return( 0 ); } #if !defined(MBEDTLS_SHA256_PROCESS_ALT) @@ -179,7 +181,8 @@ static const uint32_t K[] = d += temp1; h = temp1 + temp2; \ } -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) +int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, + const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; uint32_t A[8]; @@ -232,20 +235,24 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da for( i = 0; i < 8; i++ ) ctx->state[i] += A[i]; + + return( 0 ); } #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ /* * SHA-256 process buffer */ -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ) +int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -259,7 +266,10 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha256_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha256_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -267,13 +277,17 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in while( ilen >= 64 ) { - mbedtls_sha256_process( ctx, input ); + if( ( ret = mbedtls_sha256_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha256_padding[64] = @@ -287,8 +301,10 @@ static const unsigned char sha256_padding[64] = /* * SHA-256 final digest */ -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) +int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, + unsigned char output[32] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -303,8 +319,11 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_sha256_update( ctx, sha256_padding, padn ); - mbedtls_sha256_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); @@ -316,6 +335,8 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 if( ctx->is224 == 0 ) PUT_UINT32_BE( ctx->state[7], output, 28 ); + + return( 0 ); } #endif /* !MBEDTLS_SHA256_ALT */ @@ -323,16 +344,28 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 /* * output = SHA-256( input buffer ) */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ) +int mbedtls_sha256_ext( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) { + int ret; mbedtls_sha256_context ctx; mbedtls_sha256_init( &ctx ); - mbedtls_sha256_starts( &ctx, is224 ); - mbedtls_sha256_update( &ctx, input, ilen ); - mbedtls_sha256_finish( &ctx, output ); + + if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha256_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -415,29 +448,31 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - mbedtls_sha256_starts( &ctx, k ); + if( mbedtls_sha256_starts_ext( &ctx, k ) != 0 ) + goto fail; if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha256_update( &ctx, buf, buflen ); + if( mbedtls_sha256_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; + } else - mbedtls_sha256_update( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ); + { + if( mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], + sha256_test_buflen[j] ) != 0 ) + goto fail; + } + + if( mbedtls_sha256_finish_ext( &ctx, sha256sum ) != 0 ) + goto fail; - mbedtls_sha256_finish( &ctx, sha256sum ); if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -446,6 +481,14 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha256_free( &ctx ); mbedtls_free( buf ); From 614c689e0548b07a014da93f34fa0f1b147ea369 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 12:07:26 +0100 Subject: [PATCH 07/43] Add int return values to SHA-512 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha512() * mbedtls_sha512_starts() * mbedtls_sha512_update() * mbedtls_sha512_finish() * mbedtls_sha512_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha512.h | 142 ++++++++++++++++++++++++++++++++++++--- library/sha512.c | 95 ++++++++++++++++++-------- 2 files changed, 201 insertions(+), 36 deletions(-) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 627694f42..3049110ab 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA512_ALT) // Regular implementation // @@ -80,8 +85,10 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 + * + * \return 0 if successful */ -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); /** * \brief SHA-512 process buffer @@ -89,17 +96,105 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); * \param ctx SHA-512 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-512 final digest * * \param ctx SHA-512 context * \param output SHA-384/512 checksum result + * + * \return 0 if successful */ -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ); +int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, + unsigned char output[64] ); + +/** + * \brief SHA-512 process data block (internal use only) + * + * \param ctx SHA-512 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, + const unsigned char data[128] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-512 context setup + * + * \deprecated Superseded by mbedtls_sha512_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( + mbedtls_sha512_context *ctx, + int is384 ) +{ + mbedtls_sha512_starts_ext( ctx, is384 ); +} + +/** + * \brief SHA-512 process buffer + * + * \deprecated Superseded by mbedtls_sha512_update_ext() in 2.5.0 + * + * \param ctx SHA-512 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( + mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha512_update_ext( ctx, input, ilen ); +} + +/** + * \brief SHA-512 final digest + * + * \deprecated Superseded by mbedtls_sha512_finish_ext() in 2.5.0 + * + * \param ctx SHA-512 context + * \param output SHA-384/512 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( + mbedtls_sha512_context *ctx, + unsigned char output[64] ) +{ + mbedtls_sha512_finish_ext( ctx, output ); +} + +/** + * \brief SHA-512 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha512_process_ext() in 2.5.0 + * + * \param ctx SHA-512 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( + mbedtls_sha512_context *ctx, + const unsigned char data[128] ) +{ + mbedtls_sha512_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -120,9 +215,41 @@ extern "C" { * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 + * + * \return 0 if successful */ -void mbedtls_sha512( const unsigned char *input, size_t ilen, - unsigned char output[64], int is384 ); +int mbedtls_sha512_ext( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-512( input buffer ) + * + * \deprecated Superseded by mbedtls_sha512_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-384/512 checksum result + * \param is384 0 = use SHA512, 1 = use SHA384 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha512( + const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ) +{ + mbedtls_sha512_ext( input, ilen, output, is384 ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine @@ -131,9 +258,6 @@ void mbedtls_sha512( const unsigned char *input, size_t ilen, */ int mbedtls_sha512_self_test( int verbose ); -/* Internal use */ -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ); - #ifdef __cplusplus } #endif diff --git a/library/sha512.c b/library/sha512.c index 724522ac6..74c7533b3 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -114,7 +114,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -145,6 +145,8 @@ void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) } ctx->is384 = is384; + + return( 0 ); } #if !defined(MBEDTLS_SHA512_PROCESS_ALT) @@ -196,7 +198,8 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) +int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, + const unsigned char data[128] ) { int i; uint64_t temp1, temp2, W[80]; @@ -263,20 +266,24 @@ void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char da ctx->state[5] += F; ctx->state[6] += G; ctx->state[7] += H; + + return( 0 ); } #endif /* !MBEDTLS_SHA512_PROCESS_ALT */ /* * SHA-512 process buffer */ -void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, - size_t ilen ) +int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; unsigned int left; if( ilen == 0 ) - return; + return( 0 ); left = (unsigned int) (ctx->total[0] & 0x7F); fill = 128 - left; @@ -289,7 +296,10 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *in if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha512_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha512_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -297,13 +307,17 @@ void mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *in while( ilen >= 128 ) { - mbedtls_sha512_process( ctx, input ); + if( ( ret = mbedtls_sha512_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 128; ilen -= 128; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha512_padding[128] = @@ -321,8 +335,10 @@ static const unsigned char sha512_padding[128] = /* * SHA-512 final digest */ -void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) +int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, + unsigned char output[64] ) { + int ret; size_t last, padn; uint64_t high, low; unsigned char msglen[16]; @@ -337,8 +353,11 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 last = (size_t)( ctx->total[0] & 0x7F ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - mbedtls_sha512_update( ctx, sha512_padding, padn ); - mbedtls_sha512_update( ctx, msglen, 16 ); + if( ( ret = mbedtls_sha512_update_ext( ctx, sha512_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha512_update_ext( ctx, msglen, 16 ) ) != 0 ) + return( ret ); PUT_UINT64_BE( ctx->state[0], output, 0 ); PUT_UINT64_BE( ctx->state[1], output, 8 ); @@ -352,6 +371,8 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 PUT_UINT64_BE( ctx->state[6], output, 48 ); PUT_UINT64_BE( ctx->state[7], output, 56 ); } + + return( 0 ); } #endif /* !MBEDTLS_SHA512_ALT */ @@ -359,16 +380,28 @@ void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64 /* * output = SHA-512( input buffer ) */ -void mbedtls_sha512( const unsigned char *input, size_t ilen, - unsigned char output[64], int is384 ) +int mbedtls_sha512_ext( const unsigned char *input, + size_t ilen, + unsigned char output[64], + int is384 ) { + int ret; mbedtls_sha512_context ctx; mbedtls_sha512_init( &ctx ); - mbedtls_sha512_starts( &ctx, is384 ); - mbedtls_sha512_update( &ctx, input, ilen ); - mbedtls_sha512_finish( &ctx, output ); + + if( ( ret = mbedtls_sha512_starts_ext( &ctx, is384 ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha512_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha512_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha512_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -471,29 +504,29 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - mbedtls_sha512_starts( &ctx, k ); + if( mbedtls_sha512_starts_ext( &ctx, k ) != 0 ) + goto fail; if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha512_update( &ctx, buf, buflen ); + if( mbedtls_sha512_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; } else - mbedtls_sha512_update( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ); + { + if( mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], + sha512_test_buflen[j] ) != 0 ) + goto fail; + } - mbedtls_sha512_finish( &ctx, sha512sum ); + if( mbedtls_sha512_finish_ext( &ctx, sha512sum ) != 0 ) + goto fail; if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -502,6 +535,14 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha512_free( &ctx ); mbedtls_free( buf ); From cccfe08530a986a7f8df19df06f2c8b0ee72d1ca Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 10:36:39 +0100 Subject: [PATCH 08/43] Rename md process functions with _internal_ --- include/mbedtls/md2.h | 6 +++--- include/mbedtls/md4.h | 8 ++++---- include/mbedtls/md5.h | 8 ++++---- include/mbedtls/ripemd160.h | 8 ++++---- include/mbedtls/sha1.h | 8 ++++---- include/mbedtls/sha256.h | 8 ++++---- include/mbedtls/sha512.h | 8 ++++---- library/md2.c | 8 ++++---- library/md4.c | 8 ++++---- library/md5.c | 8 ++++---- library/ripemd160.c | 8 ++++---- library/sha1.c | 8 ++++---- library/sha256.c | 6 +++--- library/sha512.c | 8 ++++---- 14 files changed, 54 insertions(+), 54 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 1f3b10773..2c133a2aa 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -119,7 +119,7 @@ int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, * * \return 0 if successful */ -int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ); +int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -175,14 +175,14 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( /** * \brief MD2 process data block (internal use only) * - * \deprecated Superseded by mbedtls_md2_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md2_process() in 2.5.0 * * \param ctx MD2 context */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_process( mbedtls_md2_context *ctx ) { - mbedtls_md2_process_ext( ctx ); + mbedtls_internal_md2_process( ctx ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 7968b69a0..671c6a4f1 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -120,8 +120,8 @@ int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, * * \return 0 if successful */ -int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( /** * \brief MD4 process data block (internal use only) * - * \deprecated Superseded by mbedtls_md4_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md4_process() in 2.5.0 * * \param ctx MD4 context * \param data buffer holding one block of data @@ -186,7 +186,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] ) { - mbedtls_md4_process_ext( ctx, data ); + mbedtls_internal_md4_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 7ecf49f90..816d081ab 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -115,8 +115,8 @@ int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, * * \return 0 if successful */ -int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -172,7 +172,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( /** * \brief MD5 process data block (internal use only) * - * \deprecated Superseded by mbedtls_md5_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md5_process() in 2.5.0 * * \param ctx MD5 context * \param data buffer holding one block of data @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] ) { - mbedtls_md5_process_ext( ctx, data ); + mbedtls_internal_md5_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 5ef4700c6..aea16b366 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -120,8 +120,8 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( /** * \brief RIPEMD-160 process data block (internal use only) * - * \deprecated Superseded by mbedtls_ripemd160_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.5.0 * * \param ctx RIPEMD-160 context * \param data buffer holding one block of data @@ -186,7 +186,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( mbedtls_ripemd160_context *ctx, const unsigned char data[64] ) { - mbedtls_ripemd160_process_ext( ctx, data ); + mbedtls_internal_ripemd160_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 9dde5b89e..47a9f996f 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -120,8 +120,8 @@ int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, * * \return 0 if successful */ -int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( /** * \brief SHA-1 process data block (internal use only) * - * \deprecated Superseded by mbedtls_sha1_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.5.0 * * \param ctx SHA-1 context * \param data buffer holding one block of data @@ -186,7 +186,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_process( mbedtls_sha1_context *ctx, const unsigned char data[64] ) { - mbedtls_sha1_process_ext( ctx, data ); + mbedtls_internal_sha1_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 3667e8c10..76555f4fd 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -122,8 +122,8 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, * * \return 0 if successful */ -int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, - const unsigned char data[64] ); +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( /** * \brief SHA-256 process data block (internal use only) * - * \deprecated Superseded by mbedtls_sha256_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.5.0 * * \param ctx SHA-256 context * \param data buffer holding one block of data @@ -190,7 +190,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { - mbedtls_sha256_process_ext( ctx, data ); + mbedtls_internal_sha256_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 3049110ab..0fbdb3b71 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -122,8 +122,8 @@ int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, * * \return 0 if successful */ -int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, - const unsigned char data[128] ); +int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, + const unsigned char data[128] ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( /** * \brief SHA-512 process data block (internal use only) * - * \deprecated Superseded by mbedtls_sha512_process_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.5.0 * * \param ctx SHA-512 context * \param data buffer holding one block of data @@ -190,7 +190,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_process( mbedtls_sha512_context *ctx, const unsigned char data[128] ) { - mbedtls_sha512_process_ext( ctx, data ); + mbedtls_internal_sha512_process( ctx, data ); } #undef MBEDTLS_DEPRECATED diff --git a/library/md2.c b/library/md2.c index 7dd2b6bcb..a5d768b25 100644 --- a/library/md2.c +++ b/library/md2.c @@ -116,7 +116,7 @@ int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ) } #if !defined(MBEDTLS_MD2_PROCESS_ALT) -int mbedtls_md2_process_ext( mbedtls_md2_context *ctx ) +int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) { int i, j; unsigned char t = 0; @@ -179,7 +179,7 @@ int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, if( ctx->left == 16 ) { ctx->left = 0; - if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) return( ret ); } } @@ -202,11 +202,11 @@ int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, for( i = ctx->left; i < 16; i++ ) ctx->buffer[i] = x; - if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) return( ret ); memcpy( ctx->buffer, ctx->cksum, 16 ); - if( ( ret = mbedtls_md2_process_ext( ctx ) ) != 0 ) + if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) return( ret ); memcpy( output, ctx->state, 16 ); diff --git a/library/md4.c b/library/md4.c index 9239b6344..da4df7b14 100644 --- a/library/md4.c +++ b/library/md4.c @@ -112,8 +112,8 @@ int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ) } #if !defined(MBEDTLS_MD4_PROCESS_ALT) -int mbedtls_md4_process_ext( mbedtls_md4_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -247,7 +247,7 @@ int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, memcpy( (void *) (ctx->buffer + left), (void *) input, fill ); - if( ( ret = mbedtls_md4_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -257,7 +257,7 @@ int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_md4_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/md5.c b/library/md5.c index dd046af85..8150f941d 100644 --- a/library/md5.c +++ b/library/md5.c @@ -111,8 +111,8 @@ int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ) } #if !defined(MBEDTLS_MD5_PROCESS_ALT) -int mbedtls_md5_process_ext( mbedtls_md5_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, + const unsigned char data[64] ) { uint32_t X[16], A, B, C, D; @@ -264,7 +264,7 @@ int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_md5_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_md5_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -274,7 +274,7 @@ int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_md5_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_md5_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/ripemd160.c b/library/ripemd160.c index f1d1f1e9d..8bf988eae 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -114,8 +114,8 @@ int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ) /* * Process one block */ -int mbedtls_ripemd160_process_ext( mbedtls_ripemd160_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, + const unsigned char data[64] ) { uint32_t A, B, C, D, E, Ap, Bp, Cp, Dp, Ep, X[16]; @@ -322,7 +322,7 @@ int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_ripemd160_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_ripemd160_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -332,7 +332,7 @@ int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_ripemd160_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_ripemd160_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/sha1.c b/library/sha1.c index d2ec8bae9..fdd087868 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -112,8 +112,8 @@ int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ) } #if !defined(MBEDTLS_SHA1_PROCESS_ALT) -int mbedtls_sha1_process_ext( mbedtls_sha1_context *ctx, - const unsigned char data[64] ) +int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, + const unsigned char data[64] ) { uint32_t temp, W[16], A, B, C, D, E; @@ -299,7 +299,7 @@ int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_sha1_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_sha1_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -309,7 +309,7 @@ int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_sha1_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_sha1_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/sha256.c b/library/sha256.c index 337b8e643..88435a3c4 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -181,7 +181,7 @@ static const uint32_t K[] = d += temp1; h = temp1 + temp2; \ } -int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, +int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; @@ -267,7 +267,7 @@ int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_sha256_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -277,7 +277,7 @@ int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, while( ilen >= 64 ) { - if( ( ret = mbedtls_sha256_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_sha256_process( ctx, input ) ) != 0 ) return( ret ); input += 64; diff --git a/library/sha512.c b/library/sha512.c index 74c7533b3..ff7e5ca5b 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -198,8 +198,8 @@ static const uint64_t K[80] = UL64(0x5FCB6FAB3AD6FAEC), UL64(0x6C44198C4A475817) }; -int mbedtls_sha512_process_ext( mbedtls_sha512_context *ctx, - const unsigned char data[128] ) +int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, + const unsigned char data[128] ) { int i; uint64_t temp1, temp2, W[80]; @@ -297,7 +297,7 @@ int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, { memcpy( (void *) (ctx->buffer + left), input, fill ); - if( ( ret = mbedtls_sha512_process_ext( ctx, ctx->buffer ) ) != 0 ) + if( ( ret = mbedtls_internal_sha512_process( ctx, ctx->buffer ) ) != 0 ) return( ret ); input += fill; @@ -307,7 +307,7 @@ int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, while( ilen >= 128 ) { - if( ( ret = mbedtls_sha512_process_ext( ctx, input ) ) != 0 ) + if( ( ret = mbedtls_internal_sha512_process( ctx, input ) ) != 0 ) return( ret ); input += 128; From b71b6307308b6615f006b9c9e450ba54eb109b7e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 10:51:17 +0100 Subject: [PATCH 09/43] Change test suites to use new MD API with ret code --- tests/suites/test_suite_mdx.function | 16 ++++++++++++---- tests/suites/test_suite_shax.function | 10 +++++----- 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 9d0ee471f..387e7eeb7 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -8,6 +8,7 @@ /* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ void md2_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[33]; unsigned char output[16]; @@ -18,7 +19,8 @@ void md2_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_md2( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md2_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ) ; hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -28,6 +30,7 @@ void md2_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ void md4_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[33]; unsigned char output[16]; @@ -38,7 +41,8 @@ void md4_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_md4( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md4_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -48,6 +52,7 @@ void md4_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ void md5_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[33]; unsigned char output[16]; @@ -58,7 +63,8 @@ void md5_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_md5( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md5_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -68,6 +74,7 @@ void md5_text( char *text_src_string, char *hex_hash_string ) /* BEGIN_CASE depends_on:MBEDTLS_RIPEMD160_C */ void ripemd160_text( char *text_src_string, char *hex_hash_string ) { + int ret; unsigned char src_str[100]; unsigned char hash_str[41]; unsigned char output[20]; @@ -78,7 +85,8 @@ void ripemd160_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - mbedtls_ripemd160( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_ripemd160_ext( src_str, strlen( (char *) src_str ), output ); + TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 6b3ee9c54..b6f8f510c 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -18,7 +18,7 @@ void mbedtls_sha1( char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha1( src_str, src_len, output ); + TEST_ASSERT( mbedtls_sha1_ext( src_str, src_len, output ) == 0 ); hexify( hash_str, output, 20 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -39,7 +39,7 @@ void sha224(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha256( src_str, src_len, output, 1 ); + TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 1 ) == 0 ); hexify( hash_str, output, 28 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -60,7 +60,7 @@ void mbedtls_sha256(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha256( src_str, src_len, output, 0 ); + TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 0 ) == 0 ); hexify( hash_str, output, 32 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -81,7 +81,7 @@ void sha384(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha512( src_str, src_len, output, 1 ); + TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 1 ) == 0 ); hexify( hash_str, output, 48 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -102,7 +102,7 @@ void mbedtls_sha512(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - mbedtls_sha512( src_str, src_len, output, 0); + TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 0 ) == 0 ); hexify( hash_str, output, 64 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); From 8d8204fc6f71375f8163961900a6c8852ad5b4e8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 11:07:30 +0100 Subject: [PATCH 10/43] Change x509write_crt to use new MD API ret code --- library/x509write_crt.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d1d9a22a7..3faad7c5a 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -177,8 +177,11 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); - mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, + buf + sizeof( buf ) - 20 ); + if( ret != 0 ) + return( ret ); + c = buf + sizeof( buf ) - 20; len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); @@ -199,8 +202,11 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, + buf + sizeof( buf ) - 20 ); + if( ret != 0 ) + return( ret ); + c = buf + sizeof( buf ) - 20; len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); @@ -398,7 +404,11 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* * Make signature */ - mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); + if( ( ret = mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, + len, hash ) ) != 0 ) + { + return( ret ); + } if( ( ret = mbedtls_pk_sign( ctx->issuer_key, ctx->md_alg, hash, 0, sig, &sig_len, f_rng, p_rng ) ) != 0 ) From 698089e07e59c61cd84414f48230506145ee96e0 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 11:46:46 +0100 Subject: [PATCH 11/43] Change RSA to use new MD API and check return code --- library/rsa.c | 149 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 91 insertions(+), 58 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index bdd2538c3..bd97d521b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -566,7 +566,7 @@ cleanup: * \param slen length of the source buffer * \param md_ctx message digest context to use */ -static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, +static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, size_t slen, mbedtls_md_context_t *md_ctx ) { unsigned char mask[MBEDTLS_MD_MAX_SIZE]; @@ -574,6 +574,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, unsigned char *p; unsigned int hlen; size_t i, use_len; + int ret; memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); memset( counter, 0, 4 ); @@ -589,10 +590,14 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, if( dlen < hlen ) use_len = dlen; - mbedtls_md_starts( md_ctx ); - mbedtls_md_update( md_ctx, src, slen ); - mbedtls_md_update( md_ctx, counter, 4 ); - mbedtls_md_finish( md_ctx, mask ); + if( ( ret = mbedtls_md_starts( md_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( md_ctx, src, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( md_ctx, counter, 4 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_finish( md_ctx, mask ) ) != 0 ) + goto exit; for( i = 0; i < use_len; ++i ) *p++ ^= mask[i]; @@ -602,7 +607,10 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, dlen -= use_len; } +exit: mbedtls_zeroize( mask, sizeof( mask ) ); + + return( ret ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -654,7 +662,8 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, p += hlen; /* Construct DB */ - mbedtls_md( md_info, label, label_len, p ); + if( ( ret = mbedtls_md( md_info, label, label_len, p ) ) != 0 ) + return( ret ); p += hlen; p += olen - 2 * hlen - 2 - ilen; *p++ = 1; @@ -662,21 +671,24 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); - return( ret ); - } + goto exit; /* maskedDB: Apply dbMask to DB */ - mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, - &md_ctx ); + if( ( ret = mgf_mask( output + hlen + 1, olen - hlen - 1, output + 1, hlen, + &md_ctx ) ) != 0 ) + goto exit; /* maskedSeed: Apply seedMask to seed */ - mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, - &md_ctx ); + if( ( ret = mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1, + &md_ctx ) ) != 0 ) + goto exit; +exit: mbedtls_md_free( &md_ctx ); + if( ret != 0 ) + return( ret ); + return( ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, output, output ) : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) ); @@ -843,20 +855,23 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, goto cleanup; } - - /* Generate lHash */ - mbedtls_md( md_info, label, label_len, lhash ); - /* seed: Apply seedMask to maskedSeed */ - mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, - &md_ctx ); - + if( ( ret = mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1, + &md_ctx ) ) != 0 || /* DB: Apply dbMask to maskedDB */ - mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, - &md_ctx ); + ( ret = mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen, + &md_ctx ) ) != 0 ) + { + mbedtls_md_free( &md_ctx ); + goto cleanup; + } mbedtls_md_free( &md_ctx ); + /* Generate lHash */ + if( ( ret = mbedtls_md( md_info, label, label_len, lhash ) ) != 0 ) + goto cleanup; + /* * Check contents, in "constant-time" */ @@ -1107,28 +1122,28 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); - /* No need to zeroize salt: we didn't use it. */ - return( ret ); - } + goto exit; /* Generate H = Hash( M' ) */ - mbedtls_md_starts( &md_ctx ); - mbedtls_md_update( &md_ctx, p, 8 ); - mbedtls_md_update( &md_ctx, hash, hashlen ); - mbedtls_md_update( &md_ctx, salt, slen ); - mbedtls_md_finish( &md_ctx, p ); - mbedtls_zeroize( salt, sizeof( salt ) ); + if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( &md_ctx, p, 8 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( &md_ctx, salt, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_finish( &md_ctx, p ) ) != 0 ) + goto exit; /* Compensate for boundary condition when applying mask */ if( msb % 8 == 0 ) offset = 1; /* maskedDB: Apply dbMask to DB */ - mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx ); - - mbedtls_md_free( &md_ctx ); + if( ( ret = mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, + &md_ctx ) ) != 0 ) + goto exit; msb = mbedtls_mpi_bitlen( &ctx->N ) - 1; sig[0] &= 0xFF >> ( olen * 8 - msb ); @@ -1136,6 +1151,14 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, p += hlen; *p++ = 0xBC; + mbedtls_zeroize( salt, sizeof( salt ) ); + +exit: + mbedtls_md_free( &md_ctx ); + + if( ret != 0 ) + return( ret ); + return( ( mode == MBEDTLS_RSA_PUBLIC ) ? mbedtls_rsa_public( ctx, sig, sig ) : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) ); @@ -1382,23 +1405,21 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, mbedtls_md_init( &md_ctx ); if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 ) - { - mbedtls_md_free( &md_ctx ); - return( ret ); - } + goto exit; - mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx ); + if( ( ret = mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, + &md_ctx ) ) != 0 ) + goto exit; buf[0] &= 0xFF >> ( siglen * 8 - msb ); while( p < buf + siglen && *p == 0 ) p++; - if( p == buf + siglen || - *p++ != 0x01 ) + if( p == buf + siglen || *p++ != 0x01 ) { - mbedtls_md_free( &md_ctx ); - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + ret = MBEDTLS_ERR_RSA_INVALID_PADDING; + goto exit; } /* Actual salt len */ @@ -1407,25 +1428,31 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, if( expected_salt_len != MBEDTLS_RSA_SALT_LEN_ANY && slen != (size_t) expected_salt_len ) { - mbedtls_md_free( &md_ctx ); - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + ret = MBEDTLS_ERR_RSA_INVALID_PADDING; + goto exit; } /* * Generate H = Hash( M' ) */ - mbedtls_md_starts( &md_ctx ); - mbedtls_md_update( &md_ctx, zeros, 8 ); - mbedtls_md_update( &md_ctx, hash, hashlen ); - mbedtls_md_update( &md_ctx, p, slen ); - mbedtls_md_finish( &md_ctx, result ); + if( ( ret = mbedtls_md_starts( &md_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( &md_ctx, zeros, 8 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( &md_ctx, hash, hashlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_update( &md_ctx, p, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md_finish( &md_ctx, result ) ) != 0 ) + goto exit; + if( ( ret = memcmp( p + slen, result, hlen ) ) != 0 ) + ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + +exit: mbedtls_md_free( &md_ctx ); - if( memcmp( p + slen, result, hlen ) == 0 ) - return( 0 ); - else - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + return( ret ); } /* @@ -1829,7 +1856,13 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " PKCS#1 data sign : " ); - mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); + if( mbedtls_sha1_ext( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + return( 1 ); + } if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) From f0e521e9f10c8552601b2f078c05ff1ecc69fec5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 12:11:42 +0100 Subject: [PATCH 12/43] Change ssl_cli to new MD API and check return code --- library/ssl_cli.c | 59 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 41 insertions(+), 18 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe..86267f5c1 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2493,8 +2493,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) mbedtls_md5_context mbedtls_md5; mbedtls_sha1_context mbedtls_sha1; - mbedtls_md5_init( &mbedtls_md5 ); - mbedtls_sha1_init( &mbedtls_sha1 ); + mbedtls_md5_init( &mbedtls_md5 ); hashlen = 36; @@ -2511,17 +2510,39 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) * SHA(ClientHello.random + ServerHello.random * + ServerParams); */ - mbedtls_md5_starts( &mbedtls_md5 ); - mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 ); - mbedtls_md5_update( &mbedtls_md5, params, params_len ); - mbedtls_md5_finish( &mbedtls_md5, hash ); + if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, params, + params_len ) ) != 0 || + ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) + { + mbedtls_md5_free( &mbedtls_md5 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + return( ret ); + } - mbedtls_sha1_starts( &mbedtls_sha1 ); - mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 ); - mbedtls_sha1_update( &mbedtls_sha1, params, params_len ); - mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 ); + mbedtls_md5_free( &mbedtls_md5 ); + + mbedtls_sha1_init( &mbedtls_sha1 ); + + if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, params, + params_len ) ) != 0 || + ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, + hash + 16 ) ) != 0 ) + { + mbedtls_sha1_free( &mbedtls_sha1 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + return( ret ); + } - mbedtls_md5_free( &mbedtls_md5 ); mbedtls_sha1_free( &mbedtls_sha1 ); } else @@ -2532,6 +2553,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( md_alg != MBEDTLS_MD_NONE ) { mbedtls_md_context_t ctx; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); mbedtls_md_init( &ctx ); @@ -2545,19 +2567,20 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) * ServerDHParams params; * }; */ - if( ( ret = mbedtls_md_setup( &ctx, - mbedtls_md_info_from_type( md_alg ), 0 ) ) != 0 ) + if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || + ( ret = mbedtls_md_starts( &ctx ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, params, params_len ) ) != 0 || + ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + mbedtls_md_free( &ctx ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( ret ); } - mbedtls_md_starts( &ctx ); - mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ); - mbedtls_md_update( &ctx, params, params_len ); - mbedtls_md_finish( &ctx, hash ); mbedtls_md_free( &ctx ); } else From d21d625e1fa8838286ac0daa06ae5aebca20c367 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 12:49:17 +0100 Subject: [PATCH 13/43] Change ssl_srv to new MD API and check return code --- library/ssl_srv.c | 59 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 19 deletions(-) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce..f08a9bde1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3099,8 +3099,7 @@ curve_matching_done: mbedtls_md5_context mbedtls_md5; mbedtls_sha1_context mbedtls_sha1; - mbedtls_md5_init( &mbedtls_md5 ); - mbedtls_sha1_init( &mbedtls_sha1 ); + mbedtls_md5_init( &mbedtls_md5 ); /* * digitally-signed struct { @@ -3116,20 +3115,38 @@ curve_matching_done: * + ServerParams); */ - mbedtls_md5_starts( &mbedtls_md5 ); - mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 ); - mbedtls_md5_update( &mbedtls_md5, dig_signed, dig_signed_len ); - mbedtls_md5_finish( &mbedtls_md5, hash ); + if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed, + dig_signed_len ) ) != 0 || + ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) + { + mbedtls_md5_free( &mbedtls_md5 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); + return( ret ); + } - mbedtls_sha1_starts( &mbedtls_sha1 ); - mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes, 64 ); - mbedtls_sha1_update( &mbedtls_sha1, dig_signed, dig_signed_len ); - mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 ); + mbedtls_md5_free( &mbedtls_md5 ); + + mbedtls_sha1_init( &mbedtls_sha1 ); + + if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed, + dig_signed_len ) ) != 0 || + ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, + hash + 16 ) ) != 0 ) + { + mbedtls_sha1_free( &mbedtls_sha1 ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); + return( ret ); + } + + mbedtls_sha1_free( &mbedtls_sha1 ); hashlen = 36; - - mbedtls_md5_free( &mbedtls_md5 ); - mbedtls_sha1_free( &mbedtls_sha1 ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ @@ -3153,16 +3170,20 @@ curve_matching_done: * ServerDHParams params; * }; */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) + if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || + ( ret = mbedtls_md_starts( &ctx ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, + ssl->handshake->randbytes, 64 ) ) != 0 || + ( ret = mbedtls_md_update( &ctx, dig_signed, + dig_signed_len ) ) != 0 || + ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + mbedtls_md_free( &ctx ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); return( ret ); } - mbedtls_md_starts( &ctx ); - mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ); - mbedtls_md_update( &ctx, dig_signed, dig_signed_len ); - mbedtls_md_finish( &ctx, hash ); + mbedtls_md_free( &ctx ); } else From 1ff60f437f8a5bfe5b7a1107a3149f1ce0a50dc9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 13:26:36 +0100 Subject: [PATCH 14/43] Change examples to use the new MD API and check ret code --- programs/hash/hello.c | 11 +++++++---- programs/pkey/dh_client.c | 6 +++++- programs/pkey/dh_server.c | 6 +++++- programs/pkey/ecdsa.c | 11 +++++------ programs/test/benchmark.c | 12 ++++++------ 5 files changed, 28 insertions(+), 18 deletions(-) diff --git a/programs/hash/hello.c b/programs/hash/hello.c index df420f284..a69154f55 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -29,7 +29,9 @@ #include "mbedtls/platform.h" #else #include -#define mbedtls_printf printf +#define mbedtls_printf printf +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif #if defined(MBEDTLS_MD5_C) @@ -45,13 +47,14 @@ int main( void ) #else int main( void ) { - int i; + int i, ret; unsigned char digest[16]; char str[] = "Hello, world!"; mbedtls_printf( "\n MD5('%s') = ", str ); - mbedtls_md5( (unsigned char *) str, 13, digest ); + if( ( ret = mbedtls_md5_ext( (unsigned char *) str, 13, digest ) ) != 0 ) + return( MBEDTLS_EXIT_FAILURE ); for( i = 0; i < 16; i++ ) mbedtls_printf( "%02x", digest[i] ); @@ -63,6 +66,6 @@ int main( void ) fflush( stdout ); getchar(); #endif - return( 0 ); + return( MBEDTLS_EXIT_SUCCESS ); } #endif /* MBEDTLS_MD5_C */ diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 875d0b083..21c4a815f 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -212,7 +212,11 @@ int main( void ) goto exit; } - mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ); + if( ( ret = mbedtls_sha1_ext( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret ); + goto exit; + } if( ( ret = mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 0, hash, p ) ) != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bf2b1b29..daa96e64c 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -203,7 +203,11 @@ int main( void ) /* * 5. Sign the parameters and send them */ - mbedtls_sha1( buf, n, hash ); + if( ( ret = mbedtls_sha1_ext( buf, n, hash ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret ); + goto exit; + } buf[n ] = (unsigned char)( rsa.len >> 8 ); buf[n + 1] = (unsigned char)( rsa.len ); diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index c3ce56a0f..ecb6c2230 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -102,7 +102,6 @@ int main( int argc, char *argv[] ) mbedtls_ecdsa_context ctx_sign, ctx_verify; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_sha256_context sha256_ctx; unsigned char message[100]; unsigned char hash[32]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; @@ -113,7 +112,6 @@ int main( int argc, char *argv[] ) mbedtls_ecdsa_init( &ctx_sign ); mbedtls_ecdsa_init( &ctx_verify ); mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_sha256_init( &sha256_ctx ); memset( sig, 0, sizeof( sig ) ); memset( message, 0x25, sizeof( message ) ); @@ -165,9 +163,11 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Computing message hash..." ); fflush( stdout ); - mbedtls_sha256_starts( &sha256_ctx, 0 ); - mbedtls_sha256_update( &sha256_ctx, message, sizeof( message ) ); - mbedtls_sha256_finish( &sha256_ctx, hash ); + if( ( ret = mbedtls_sha256_ext( message, sizeof( message ), hash, 0 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_sha256_ext returned %d\n", ret ); + goto exit; + } mbedtls_printf( " ok\n" ); @@ -242,7 +242,6 @@ exit: mbedtls_ecdsa_free( &ctx_sign ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); - mbedtls_sha256_free( &sha256_ctx ); return( ret ); } diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb578e730..6ec7cf561 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -327,32 +327,32 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MD4_C) if( todo.md4 ) - TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD4", mbedtls_md4_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_MD5_C) if( todo.md5 ) - TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD5", mbedtls_md5_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) if( todo.ripemd160 ) - TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA1_C) if( todo.sha1 ) - TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "SHA-1", mbedtls_sha1_ext( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA256_C) if( todo.sha256 ) - TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-256", mbedtls_sha256_ext( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_SHA512_C) if( todo.sha512 ) - TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-512", mbedtls_sha512_ext( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_ARC4_C) From 5f872df26a8d96f35eb9a66b675eea7cc3e7d582 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 14:12:44 +0100 Subject: [PATCH 15/43] Change func ptrs to have ret val in MD layer This patch modifies the internal md context structure in md_wrap.c to add return values to the function pointers. This enables us to use the new API in the corresponding MD modules so that failures can be found at any point in an MD computation. --- include/mbedtls/md_internal.h | 12 +-- library/md_wrap.c | 171 ++++++++++++++++++---------------- 2 files changed, 97 insertions(+), 86 deletions(-) diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h index e2441bbc4..c20259816 100644 --- a/include/mbedtls/md_internal.h +++ b/include/mbedtls/md_internal.h @@ -58,17 +58,17 @@ struct mbedtls_md_info_t int block_size; /** Digest initialisation function */ - void (*starts_func)( void *ctx ); + int (*starts_func)( void *ctx ); /** Digest update function */ - void (*update_func)( void *ctx, const unsigned char *input, size_t ilen ); + int (*update_func)( void *ctx, const unsigned char *input, size_t ilen ); /** Digest finalisation function */ - void (*finish_func)( void *ctx, unsigned char *output ); + int (*finish_func)( void *ctx, unsigned char *output ); /** Generic digest function */ - void (*digest_func)( const unsigned char *input, size_t ilen, - unsigned char *output ); + int (*digest_func)( const unsigned char *input, size_t ilen, + unsigned char *output ); /** Allocate a new context */ void * (*ctx_alloc_func)( void ); @@ -80,7 +80,7 @@ struct mbedtls_md_info_t void (*clone_func)( void *dst, const void *src ); /** Internal use only */ - void (*process_func)( void *ctx, const unsigned char *input ); + int (*process_func)( void *ctx, const unsigned char *input ); }; #if defined(MBEDTLS_MD2_C) diff --git a/library/md_wrap.c b/library/md_wrap.c index 2cfcae200..bfd492736 100644 --- a/library/md_wrap.c +++ b/library/md_wrap.c @@ -71,20 +71,20 @@ #if defined(MBEDTLS_MD2_C) -static void md2_starts_wrap( void *ctx ) +static int md2_starts_wrap( void *ctx ) { - mbedtls_md2_starts( (mbedtls_md2_context *) ctx ); + return( mbedtls_md2_starts_ext( (mbedtls_md2_context *) ctx ) ); } -static void md2_update_wrap( void *ctx, const unsigned char *input, +static int md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_md2_update( (mbedtls_md2_context *) ctx, input, ilen ); + return( mbedtls_md2_update_ext( (mbedtls_md2_context *) ctx, input, ilen ) ); } -static void md2_finish_wrap( void *ctx, unsigned char *output ) +static int md2_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_md2_finish( (mbedtls_md2_context *) ctx, output ); + return( mbedtls_md2_finish_ext( (mbedtls_md2_context *) ctx, output ) ); } static void *md2_ctx_alloc( void ) @@ -109,11 +109,11 @@ static void md2_clone_wrap( void *dst, const void *src ) (const mbedtls_md2_context *) src ); } -static void md2_process_wrap( void *ctx, const unsigned char *data ) +static int md2_process_wrap( void *ctx, const unsigned char *data ) { ((void) data); - mbedtls_md2_process( (mbedtls_md2_context *) ctx ); + return( mbedtls_internal_md2_process( (mbedtls_md2_context *) ctx ) ); } const mbedtls_md_info_t mbedtls_md2_info = { @@ -124,7 +124,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { md2_starts_wrap, md2_update_wrap, md2_finish_wrap, - mbedtls_md2, + mbedtls_md2_ext, md2_ctx_alloc, md2_ctx_free, md2_clone_wrap, @@ -135,20 +135,20 @@ const mbedtls_md_info_t mbedtls_md2_info = { #if defined(MBEDTLS_MD4_C) -static void md4_starts_wrap( void *ctx ) +static int md4_starts_wrap( void *ctx ) { - mbedtls_md4_starts( (mbedtls_md4_context *) ctx ); + return( mbedtls_md4_starts_ext( (mbedtls_md4_context *) ctx ) ); } -static void md4_update_wrap( void *ctx, const unsigned char *input, +static int md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_md4_update( (mbedtls_md4_context *) ctx, input, ilen ); + return( mbedtls_md4_update_ext( (mbedtls_md4_context *) ctx, input, ilen ) ); } -static void md4_finish_wrap( void *ctx, unsigned char *output ) +static int md4_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_md4_finish( (mbedtls_md4_context *) ctx, output ); + return( mbedtls_md4_finish_ext( (mbedtls_md4_context *) ctx, output ) ); } static void *md4_ctx_alloc( void ) @@ -170,12 +170,12 @@ static void md4_ctx_free( void *ctx ) static void md4_clone_wrap( void *dst, const void *src ) { mbedtls_md4_clone( (mbedtls_md4_context *) dst, - (const mbedtls_md4_context *) src ); + (const mbedtls_md4_context *) src ); } -static void md4_process_wrap( void *ctx, const unsigned char *data ) +static int md4_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_md4_process( (mbedtls_md4_context *) ctx, data ); + return( mbedtls_internal_md4_process( (mbedtls_md4_context *) ctx, data ) ); } const mbedtls_md_info_t mbedtls_md4_info = { @@ -186,7 +186,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { md4_starts_wrap, md4_update_wrap, md4_finish_wrap, - mbedtls_md4, + mbedtls_md4_ext, md4_ctx_alloc, md4_ctx_free, md4_clone_wrap, @@ -197,20 +197,20 @@ const mbedtls_md_info_t mbedtls_md4_info = { #if defined(MBEDTLS_MD5_C) -static void md5_starts_wrap( void *ctx ) +static int md5_starts_wrap( void *ctx ) { - mbedtls_md5_starts( (mbedtls_md5_context *) ctx ); + return( mbedtls_md5_starts_ext( (mbedtls_md5_context *) ctx ) ); } -static void md5_update_wrap( void *ctx, const unsigned char *input, +static int md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_md5_update( (mbedtls_md5_context *) ctx, input, ilen ); + return( mbedtls_md5_update_ext( (mbedtls_md5_context *) ctx, input, ilen ) ); } -static void md5_finish_wrap( void *ctx, unsigned char *output ) +static int md5_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_md5_finish( (mbedtls_md5_context *) ctx, output ); + return( mbedtls_md5_finish_ext( (mbedtls_md5_context *) ctx, output ) ); } static void *md5_ctx_alloc( void ) @@ -232,12 +232,12 @@ static void md5_ctx_free( void *ctx ) static void md5_clone_wrap( void *dst, const void *src ) { mbedtls_md5_clone( (mbedtls_md5_context *) dst, - (const mbedtls_md5_context *) src ); + (const mbedtls_md5_context *) src ); } -static void md5_process_wrap( void *ctx, const unsigned char *data ) +static int md5_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_md5_process( (mbedtls_md5_context *) ctx, data ); + return( mbedtls_internal_md5_process( (mbedtls_md5_context *) ctx, data ) ); } const mbedtls_md_info_t mbedtls_md5_info = { @@ -248,7 +248,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { md5_starts_wrap, md5_update_wrap, md5_finish_wrap, - mbedtls_md5, + mbedtls_md5_ext, md5_ctx_alloc, md5_ctx_free, md5_clone_wrap, @@ -259,20 +259,22 @@ const mbedtls_md_info_t mbedtls_md5_info = { #if defined(MBEDTLS_RIPEMD160_C) -static void ripemd160_starts_wrap( void *ctx ) +static int ripemd160_starts_wrap( void *ctx ) { - mbedtls_ripemd160_starts( (mbedtls_ripemd160_context *) ctx ); + return( mbedtls_ripemd160_starts_ext( (mbedtls_ripemd160_context *) ctx ) ); } -static void ripemd160_update_wrap( void *ctx, const unsigned char *input, +static int ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_ripemd160_update( (mbedtls_ripemd160_context *) ctx, input, ilen ); + return( mbedtls_ripemd160_update_ext( (mbedtls_ripemd160_context *) ctx, + input, ilen ) ); } -static void ripemd160_finish_wrap( void *ctx, unsigned char *output ) +static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_ripemd160_finish( (mbedtls_ripemd160_context *) ctx, output ); + return( mbedtls_ripemd160_finish_ext( (mbedtls_ripemd160_context *) ctx, + output ) ); } static void *ripemd160_ctx_alloc( void ) @@ -297,9 +299,10 @@ static void ripemd160_clone_wrap( void *dst, const void *src ) (const mbedtls_ripemd160_context *) src ); } -static void ripemd160_process_wrap( void *ctx, const unsigned char *data ) +static int ripemd160_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_ripemd160_process( (mbedtls_ripemd160_context *) ctx, data ); + return( mbedtls_internal_ripemd160_process( + (mbedtls_ripemd160_context *) ctx, data ) ); } const mbedtls_md_info_t mbedtls_ripemd160_info = { @@ -310,7 +313,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { ripemd160_starts_wrap, ripemd160_update_wrap, ripemd160_finish_wrap, - mbedtls_ripemd160, + mbedtls_ripemd160_ext, ripemd160_ctx_alloc, ripemd160_ctx_free, ripemd160_clone_wrap, @@ -321,20 +324,21 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { #if defined(MBEDTLS_SHA1_C) -static void sha1_starts_wrap( void *ctx ) +static int sha1_starts_wrap( void *ctx ) { - mbedtls_sha1_starts( (mbedtls_sha1_context *) ctx ); + return( mbedtls_sha1_starts_ext( (mbedtls_sha1_context *) ctx ) ); } -static void sha1_update_wrap( void *ctx, const unsigned char *input, +static int sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_sha1_update( (mbedtls_sha1_context *) ctx, input, ilen ); + return( mbedtls_sha1_update_ext( (mbedtls_sha1_context *) ctx, + input, ilen ) ); } -static void sha1_finish_wrap( void *ctx, unsigned char *output ) +static int sha1_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_sha1_finish( (mbedtls_sha1_context *) ctx, output ); + return( mbedtls_sha1_finish_ext( (mbedtls_sha1_context *) ctx, output ) ); } static void *sha1_ctx_alloc( void ) @@ -359,9 +363,10 @@ static void sha1_ctx_free( void *ctx ) mbedtls_free( ctx ); } -static void sha1_process_wrap( void *ctx, const unsigned char *data ) +static int sha1_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_sha1_process( (mbedtls_sha1_context *) ctx, data ); + return( mbedtls_internal_sha1_process( (mbedtls_sha1_context *) ctx, + data ) ); } const mbedtls_md_info_t mbedtls_sha1_info = { @@ -372,7 +377,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { sha1_starts_wrap, sha1_update_wrap, sha1_finish_wrap, - mbedtls_sha1, + mbedtls_sha1_ext, sha1_ctx_alloc, sha1_ctx_free, sha1_clone_wrap, @@ -386,26 +391,28 @@ const mbedtls_md_info_t mbedtls_sha1_info = { */ #if defined(MBEDTLS_SHA256_C) -static void sha224_starts_wrap( void *ctx ) +static int sha224_starts_wrap( void *ctx ) { - mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 1 ); + return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 1 ) ); } -static void sha224_update_wrap( void *ctx, const unsigned char *input, +static int sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - mbedtls_sha256_update( (mbedtls_sha256_context *) ctx, input, ilen ); + return( mbedtls_sha256_update_ext( (mbedtls_sha256_context *) ctx, + input, ilen ) ); } -static void sha224_finish_wrap( void *ctx, unsigned char *output ) +static int sha224_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_sha256_finish( (mbedtls_sha256_context *) ctx, output ); + return( mbedtls_sha256_finish_ext( (mbedtls_sha256_context *) ctx, + output ) ); } -static void sha224_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha224_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha256( input, ilen, output, 1 ); + return( mbedtls_sha256_ext( input, ilen, output, 1 ) ); } static void *sha224_ctx_alloc( void ) @@ -430,9 +437,10 @@ static void sha224_clone_wrap( void *dst, const void *src ) (const mbedtls_sha256_context *) src ); } -static void sha224_process_wrap( void *ctx, const unsigned char *data ) +static int sha224_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_sha256_process( (mbedtls_sha256_context *) ctx, data ); + return( mbedtls_internal_sha256_process( (mbedtls_sha256_context *) ctx, + data ) ); } const mbedtls_md_info_t mbedtls_sha224_info = { @@ -450,15 +458,15 @@ const mbedtls_md_info_t mbedtls_sha224_info = { sha224_process_wrap, }; -static void sha256_starts_wrap( void *ctx ) +static int sha256_starts_wrap( void *ctx ) { - mbedtls_sha256_starts( (mbedtls_sha256_context *) ctx, 0 ); + return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 0 ) ); } -static void sha256_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha256_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha256( input, ilen, output, 0 ); + return( mbedtls_sha256_ext( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha256_info = { @@ -480,26 +488,28 @@ const mbedtls_md_info_t mbedtls_sha256_info = { #if defined(MBEDTLS_SHA512_C) -static void sha384_starts_wrap( void *ctx ) +static int sha384_starts_wrap( void *ctx ) { - mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 1 ); + return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 1 ) ); } -static void sha384_update_wrap( void *ctx, const unsigned char *input, - size_t ilen ) +static int sha384_update_wrap( void *ctx, const unsigned char *input, + size_t ilen ) { - mbedtls_sha512_update( (mbedtls_sha512_context *) ctx, input, ilen ); + return( mbedtls_sha512_update_ext( (mbedtls_sha512_context *) ctx, + input, ilen ) ); } -static void sha384_finish_wrap( void *ctx, unsigned char *output ) +static int sha384_finish_wrap( void *ctx, unsigned char *output ) { - mbedtls_sha512_finish( (mbedtls_sha512_context *) ctx, output ); + return( mbedtls_sha512_finish_ext( (mbedtls_sha512_context *) ctx, + output ) ); } -static void sha384_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha384_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha512( input, ilen, output, 1 ); + return( mbedtls_sha512_ext( input, ilen, output, 1 ) ); } static void *sha384_ctx_alloc( void ) @@ -524,9 +534,10 @@ static void sha384_clone_wrap( void *dst, const void *src ) (const mbedtls_sha512_context *) src ); } -static void sha384_process_wrap( void *ctx, const unsigned char *data ) +static int sha384_process_wrap( void *ctx, const unsigned char *data ) { - mbedtls_sha512_process( (mbedtls_sha512_context *) ctx, data ); + return( mbedtls_internal_sha512_process( (mbedtls_sha512_context *) ctx, + data ) ); } const mbedtls_md_info_t mbedtls_sha384_info = { @@ -544,15 +555,15 @@ const mbedtls_md_info_t mbedtls_sha384_info = { sha384_process_wrap, }; -static void sha512_starts_wrap( void *ctx ) +static int sha512_starts_wrap( void *ctx ) { - mbedtls_sha512_starts( (mbedtls_sha512_context *) ctx, 0 ); + return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 0 ) ); } -static void sha512_wrap( const unsigned char *input, size_t ilen, - unsigned char *output ) +static int sha512_wrap( const unsigned char *input, size_t ilen, + unsigned char *output ) { - mbedtls_sha512( input, ilen, output, 0 ); + return( mbedtls_sha512_ext( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha512_info = { From 0dd4fa0f45f0e426eaa3e2c8a058c32b6ff087eb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 14:16:07 +0100 Subject: [PATCH 16/43] Fix functions in MD layer to check return codes --- library/md.c | 101 +++++++++++++++++++++++++++------------------------ 1 file changed, 54 insertions(+), 47 deletions(-) diff --git a/library/md.c b/library/md.c index eda98f636..a84f3042d 100644 --- a/library/md.c +++ b/library/md.c @@ -250,9 +250,7 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->starts_func( ctx->md_ctx ); - - return( 0 ); + return( ctx->md_info->starts_func( ctx->md_ctx ) ); } int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) @@ -260,9 +258,7 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->update_func( ctx->md_ctx, input, ilen ); - - return( 0 ); + return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); } int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) @@ -270,9 +266,7 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->finish_func( ctx->md_ctx, output ); - - return( 0 ); + return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); } int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, @@ -281,9 +275,7 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si if( md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - md_info->digest_func( input, ilen, output ); - - return( 0 ); + return( md_info->digest_func( input, ilen, output ) ); } #if defined(MBEDTLS_FS_IO) @@ -306,10 +298,12 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) goto cleanup; - md_info->starts_func( ctx.md_ctx ); + if( ( ret = md_info->starts_func( ctx.md_ctx ) ) != 0 ) + goto cleanup; while( ( n = fread( buf, 1, sizeof( buf ), f ) ) > 0 ) - md_info->update_func( ctx.md_ctx, buf, n ); + if( ( ret = md_info->update_func( ctx.md_ctx, buf, n ) ) != 0 ) + goto cleanup; if( ferror( f ) != 0 ) { @@ -317,7 +311,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigne goto cleanup; } - md_info->finish_func( ctx.md_ctx, output ); + ret = md_info->finish_func( ctx.md_ctx, output ); cleanup: fclose( f ); @@ -329,6 +323,7 @@ cleanup: int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen ) { + int ret; unsigned char sum[MBEDTLS_MD_MAX_SIZE]; unsigned char *ipad, *opad; size_t i; @@ -338,9 +333,12 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( keylen > (size_t) ctx->md_info->block_size ) { - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, key, keylen ); - ctx->md_info->finish_func( ctx->md_ctx, sum ); + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + goto cleanup; + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, key, keylen ) ) != 0 ) + goto cleanup; + if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, sum ) ) != 0 ) + goto cleanup; keylen = ctx->md_info->size; key = sum; @@ -358,12 +356,15 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, opad[i] = (unsigned char)( opad[i] ^ key[i] ); } + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + goto cleanup; + ret = ctx->md_info->update_func( ctx->md_ctx, ipad, + ctx->md_info->block_size ); + +cleanup: mbedtls_zeroize( sum, sizeof( sum ) ); - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size ); - - return( 0 ); + return( ret ); } int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen ) @@ -371,13 +372,12 @@ int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *inpu if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->update_func( ctx->md_ctx, input, ilen ); - - return( 0 ); + return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) ); } int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { + int ret; unsigned char tmp[MBEDTLS_MD_MAX_SIZE]; unsigned char *opad; @@ -386,17 +386,22 @@ int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output ) opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size; - ctx->md_info->finish_func( ctx->md_ctx, tmp ); - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, opad, ctx->md_info->block_size ); - ctx->md_info->update_func( ctx->md_ctx, tmp, ctx->md_info->size ); - ctx->md_info->finish_func( ctx->md_ctx, output ); - - return( 0 ); + if( ( ret = ctx->md_info->finish_func( ctx->md_ctx, tmp ) ) != 0 ) + return( ret ); + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + return( ret ); + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, opad, + ctx->md_info->block_size ) ) != 0 ) + return( ret ); + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, tmp, + ctx->md_info->size ) ) != 0 ) + return( ret ); + return( ctx->md_info->finish_func( ctx->md_ctx, output ) ); } int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) { + int ret; unsigned char *ipad; if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL ) @@ -404,15 +409,16 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx ) ipad = (unsigned char *) ctx->hmac_ctx; - ctx->md_info->starts_func( ctx->md_ctx ); - ctx->md_info->update_func( ctx->md_ctx, ipad, ctx->md_info->block_size ); - - return( 0 ); + if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) + return( ret ); + return( ctx->md_info->update_func( ctx->md_ctx, ipad, + ctx->md_info->block_size ) ); } -int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, - const unsigned char *input, size_t ilen, - unsigned char *output ) +int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, + const unsigned char *key, size_t keylen, + const unsigned char *input, size_t ilen, + unsigned char *output ) { mbedtls_md_context_t ctx; int ret; @@ -423,15 +429,18 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, mbedtls_md_init( &ctx ); if( ( ret = mbedtls_md_setup( &ctx, md_info, 1 ) ) != 0 ) - return( ret ); + goto cleanup; - mbedtls_md_hmac_starts( &ctx, key, keylen ); - mbedtls_md_hmac_update( &ctx, input, ilen ); - mbedtls_md_hmac_finish( &ctx, output ); + if( ( ret = mbedtls_md_hmac_starts( &ctx, key, keylen ) ) != 0 ) + goto cleanup; + if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) + goto cleanup; + ret = mbedtls_md_hmac_finish( &ctx, output ); +cleanup: mbedtls_md_free( &ctx ); - return( 0 ); + return( ret ); } int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) @@ -439,9 +448,7 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) if( ctx == NULL || ctx->md_info == NULL ) return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); - ctx->md_info->process_func( ctx->md_ctx, data ); - - return( 0 ); + return( ctx->md_info->process_func( ctx->md_ctx, data ) ); } unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info ) From 8d08c4489ea2676f64c0b8f6eca6a9fe458b9f72 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 11:16:38 +0100 Subject: [PATCH 17/43] Change pem to use new MD API and check ret code --- library/pem.c | 99 ++++++++++++++++++++++++++++++++++----------------- 1 file changed, 66 insertions(+), 33 deletions(-) diff --git a/library/pem.c b/library/pem.c index 8dd86a4ac..5303adcc4 100644 --- a/library/pem.c +++ b/library/pem.c @@ -82,31 +82,33 @@ static int pem_get_iv( const unsigned char *s, unsigned char *iv, return( 0 ); } -static void pem_pbkdf1( unsigned char *key, size_t keylen, - unsigned char *iv, - const unsigned char *pwd, size_t pwdlen ) +static int pem_pbkdf1( unsigned char *key, size_t keylen, + unsigned char *iv, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_md5_context md5_ctx; unsigned char md5sum[16]; size_t use_len; + int ret; mbedtls_md5_init( &md5_ctx ); /* * key[ 0..15] = MD5(pwd || IV) */ - mbedtls_md5_starts( &md5_ctx ); - mbedtls_md5_update( &md5_ctx, pwd, pwdlen ); - mbedtls_md5_update( &md5_ctx, iv, 8 ); - mbedtls_md5_finish( &md5_ctx, md5sum ); + if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + goto exit; if( keylen <= 16 ) { memcpy( key, md5sum, keylen ); - - mbedtls_md5_free( &md5_ctx ); - mbedtls_zeroize( md5sum, 16 ); - return; + goto exit; } memcpy( key, md5sum, 16 ); @@ -114,11 +116,16 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - mbedtls_md5_starts( &md5_ctx ); - mbedtls_md5_update( &md5_ctx, md5sum, 16 ); - mbedtls_md5_update( &md5_ctx, pwd, pwdlen ); - mbedtls_md5_update( &md5_ctx, iv, 8 ); - mbedtls_md5_finish( &md5_ctx, md5sum ); + if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, md5sum, 16 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + goto exit; use_len = 16; if( keylen < 32 ) @@ -126,53 +133,66 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, memcpy( key + 16, md5sum, use_len ); +exit: mbedtls_md5_free( &md5_ctx ); mbedtls_zeroize( md5sum, 16 ); + + return( ret ); } #if defined(MBEDTLS_DES_C) /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static void pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des_context des_ctx; unsigned char des_key[8]; + int ret; mbedtls_des_init( &des_ctx ); - pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); + if( ( ret = pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ) ) != 0 ) + goto exit; mbedtls_des_setkey_dec( &des_ctx, des_key ); mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf ); +exit: mbedtls_des_free( &des_ctx ); mbedtls_zeroize( des_key, 8 ); + + return( ret ); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static void pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; + int ret; mbedtls_des3_init( &des3_ctx ); - pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); + if( ( ret = pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ) ) != 0 ) + goto exit; mbedtls_des3_set3key_dec( &des3_ctx, des3_key ); mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, des3_iv, buf, buf ); +exit: mbedtls_des3_free( &des3_ctx ); mbedtls_zeroize( des3_key, 24 ); + + return( ret ); } #endif /* MBEDTLS_DES_C */ @@ -180,23 +200,28 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; + int ret; mbedtls_aes_init( &aes_ctx ); - pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); + if( ( ret = pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ) ) != 0 ) + goto exit; mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, aes_iv, buf, buf ); +exit: mbedtls_aes_free( &aes_ctx ); mbedtls_zeroize( aes_key, keylen ); + + return( ret ); } #endif /* MBEDTLS_AES_C */ @@ -345,22 +370,30 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } + ret = 0; + #if defined(MBEDTLS_DES_C) if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) - pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) - pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) - pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC ) - pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) - pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_AES_C */ + if( ret != 0 ) + { + mbedtls_free( buf ); + return( ret ); + } + /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. From 207cea57f984fa90e3ad2f6982cd18278b9db320 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 13:28:13 +0100 Subject: [PATCH 18/43] Change entropy to use new MD API and check ret code --- library/entropy.c | 51 ++++++++++++++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 18 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7..72e0773cf 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -75,9 +75,9 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) #endif #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_starts( &ctx->accumulator, 0 ); + mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); #else - mbedtls_sha256_starts( &ctx->accumulator, 0 ); + mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); #endif #if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_init( &ctx->havege_data ); @@ -172,13 +172,16 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE]; size_t use_len = len; const unsigned char *p = data; + int ret; if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512( data, len, tmp, 0 ); + if( ( ret = mbedtls_sha512_ext( data, len, tmp, 0 ) ) != 0 ) + return( ret ); #else - mbedtls_sha256( data, len, tmp, 0 ); + if( ( ret = mbedtls_sha256_ext( data, len, tmp, 0 ) ) != 0 ) + return( ret ); #endif p = tmp; use_len = MBEDTLS_ENTROPY_BLOCK_SIZE; @@ -188,14 +191,14 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id header[1] = use_len & 0xFF; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_update( &ctx->accumulator, header, 2 ); - mbedtls_sha512_update( &ctx->accumulator, p, use_len ); + if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + return( ret ); + return( mbedtls_sha512_update_ext( &ctx->accumulator, p, use_len ) ); #else - mbedtls_sha256_update( &ctx->accumulator, header, 2 ); - mbedtls_sha256_update( &ctx->accumulator, p, use_len ); + if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + return( ret ); + return( mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ); #endif - - return( 0 ); } int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx, @@ -333,33 +336,45 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_finish( &ctx->accumulator, buf ); + if( ( ret = mbedtls_sha512_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + goto exit; /* * Reset accumulator and counters and recycle existing entropy */ memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) ); - mbedtls_sha512_starts( &ctx->accumulator, 0 ); - mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + goto exit; /* * Perform second SHA-512 on entropy */ - mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ); + if( ( ret = mbedtls_sha512_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0 ) ) != 0 ) + goto exit; #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - mbedtls_sha256_finish( &ctx->accumulator, buf ); + if( ( ret = mbedtls_sha256_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + goto exit; /* * Reset accumulator and counters and recycle existing entropy */ memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) ); - mbedtls_sha256_starts( &ctx->accumulator, 0 ); - mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ); + if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, + MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + goto exit; /* * Perform second SHA-256 on entropy */ - mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ); + if( ( ret = mbedtls_sha256_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + buf, 0 ) ) != 0 ) + goto exit; #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ for( i = 0; i < ctx->source_count; i++ ) From a7559cb7bab36b1da981f13073f1bcdc311f3407 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 16:12:31 +0100 Subject: [PATCH 19/43] Fix entropy module to work with hw accelerator This patch modifies the entropy.c module to ensure that the sha256 and sha512 contexts are correctly initialised and freed instead of skipping these calls or simply zeroizing with memset() or mbedtls_zeroize(). This is important as the sha contexts might otherwise leak memory or other resources, and even more so in the context of hardware accelerators where the configuration of the device might be done in the init and free calls. --- library/entropy.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index 72e0773cf..06dec9956 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -68,15 +68,18 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) { - memset( ctx, 0, sizeof(mbedtls_entropy_context) ); + ctx->source_count = 0; + memset( ctx->source, 0, sizeof( ctx->source ) ); #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_init( &ctx->mutex ); #endif #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + mbedtls_sha512_init( &ctx->accumulator ); mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); #else + mbedtls_sha256_init( &ctx->accumulator ); mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); #endif #if defined(MBEDTLS_HAVEGE_C) @@ -113,6 +116,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_entropy_add_source( ctx, mbedtls_nv_seed_poll, NULL, MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_SOURCE_STRONG ); + ctx->initial_entropy_run = 0; #endif #endif /* MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES */ } @@ -125,7 +129,16 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif - mbedtls_zeroize( ctx, sizeof( mbedtls_entropy_context ) ); +#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + mbedtls_sha512_free( &ctx->accumulator ); +#else + mbedtls_sha256_free( &ctx->accumulator ); +#endif +#if defined(MBEDTLS_ENTROPY_NV_SEED) + ctx->initial_entropy_run = 0; +#endif + ctx->source_count = 0; + mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); } int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, @@ -342,7 +355,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) /* * Reset accumulator and counters and recycle existing entropy */ - memset( &ctx->accumulator, 0, sizeof( mbedtls_sha512_context ) ); + mbedtls_sha512_free( &ctx->accumulator ); + mbedtls_sha512_init( &ctx->accumulator ); if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) goto exit; if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, @@ -362,7 +376,8 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) /* * Reset accumulator and counters and recycle existing entropy */ - memset( &ctx->accumulator, 0, sizeof( mbedtls_sha256_context ) ); + mbedtls_sha256_free( &ctx->accumulator ); + mbedtls_sha256_init( &ctx->accumulator ); if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) goto exit; if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, From 95869c4934bd695d808ded3954c6a26c73fe2710 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 16:31:44 +0100 Subject: [PATCH 20/43] Do not start md accumulator in mbedtls_entropy_init This change moves the calls to mbedtls_sha256_starts() and mbedtls_sha512_starts() out of the mbedtls_entropy_init() function as these now have return codes which need to be checked. --- include/mbedtls/entropy.h | 1 + library/entropy.c | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 747aca4df..addb9616c 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -121,6 +121,7 @@ mbedtls_entropy_source_state; */ typedef struct { + int accumulator_started; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) mbedtls_sha512_context accumulator; #else diff --git a/library/entropy.c b/library/entropy.c index 06dec9956..67ec9010c 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -75,12 +75,11 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_mutex_init( &ctx->mutex ); #endif + ctx->accumulator_started = 0; #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) mbedtls_sha512_init( &ctx->accumulator ); - mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ); #else mbedtls_sha256_init( &ctx->accumulator ); - mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ); #endif #if defined(MBEDTLS_HAVEGE_C) mbedtls_havege_init( &ctx->havege_data ); @@ -139,6 +138,7 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx ) #endif ctx->source_count = 0; mbedtls_zeroize( ctx->source, sizeof( ctx->source ) ); + ctx->accumulator_started = 0; } int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, @@ -203,11 +203,26 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id header[0] = source_id; header[1] = use_len & 0xFF; + /* + * Start the accumulator if this has not already happened. Note that + * it is sufficient to start the accumulator here only because all calls to + * gather entropy eventually execute this code. + */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + if( ctx->accumulator_started == 0 && + ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + return( ret ); + else + ctx->accumulator_started = 1; if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); return( mbedtls_sha512_update_ext( &ctx->accumulator, p, use_len ) ); #else + if( ctx->accumulator_started == 0 && + ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + return( ret ); + else + ctx->accumulator_started = 1; if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); return( mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ); @@ -266,7 +281,9 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx ) */ if( olen > 0 ) { - entropy_update( ctx, (unsigned char) i, buf, olen ); + if( ( ret = entropy_update( ctx, (unsigned char) i, + buf, olen ) ) != 0 ) + return( ret ); ctx->source[i].size += olen; } } From 1a607a1b9aed054ed3cc14e882997b01da1c5807 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 29 Jun 2017 17:09:42 +0100 Subject: [PATCH 21/43] Change ssl_tls to use new MD API and check ret code --- library/ssl_tls.c | 147 +++++++++++++++++++++++++--------------------- 1 file changed, 79 insertions(+), 68 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065..b04917d14 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -221,6 +221,7 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ) { + int ret; size_t i; mbedtls_md5_context md5; mbedtls_sha1_context sha1; @@ -243,25 +244,35 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, { memset( padding, (unsigned char) ('A' + i), 1 + i ); - mbedtls_sha1_starts( &sha1 ); - mbedtls_sha1_update( &sha1, padding, 1 + i ); - mbedtls_sha1_update( &sha1, secret, slen ); - mbedtls_sha1_update( &sha1, random, rlen ); - mbedtls_sha1_finish( &sha1, sha1sum ); + if( ( ret = mbedtls_sha1_starts_ext( &sha1 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_update_ext( &sha1, padding, 1 + i ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_update_ext( &sha1, secret, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_update_ext( &sha1, random, rlen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_sha1_finish_ext( &sha1, sha1sum ) ) != 0 ) + goto exit; - mbedtls_md5_starts( &md5 ); - mbedtls_md5_update( &md5, secret, slen ); - mbedtls_md5_update( &md5, sha1sum, 20 ); - mbedtls_md5_finish( &md5, dstbuf + i * 16 ); + if( ( ret = mbedtls_md5_starts_ext( &md5 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5, secret, slen ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_update_ext( &md5, sha1sum, 20 ) ) != 0 ) + goto exit; + if( ( ret = mbedtls_md5_finish_ext( &md5, dstbuf + i * 16 ) ) != 0 ) + goto exit; } +exit: mbedtls_md5_free( &md5 ); mbedtls_sha1_free( &sha1 ); mbedtls_zeroize( padding, sizeof( padding ) ); mbedtls_zeroize( sha1sum, sizeof( sha1sum ) ); - return( 0 ); + return( ret ); } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ @@ -978,25 +989,25 @@ void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) memset( pad_1, 0x36, 48 ); memset( pad_2, 0x5C, 48 ); - mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update( &md5, pad_1, 48 ); - mbedtls_md5_finish( &md5, hash ); + mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 ); + mbedtls_md5_update_ext( &md5, pad_1, 48 ); + mbedtls_md5_finish_ext( &md5, hash ); - mbedtls_md5_starts( &md5 ); - mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update( &md5, pad_2, 48 ); - mbedtls_md5_update( &md5, hash, 16 ); - mbedtls_md5_finish( &md5, hash ); + mbedtls_md5_starts_ext( &md5 ); + mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 ); + mbedtls_md5_update_ext( &md5, pad_2, 48 ); + mbedtls_md5_update_ext( &md5, hash, 16 ); + mbedtls_md5_finish_ext( &md5, hash ); - mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update( &sha1, pad_1, 40 ); - mbedtls_sha1_finish( &sha1, hash + 16 ); + mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 ); + mbedtls_sha1_update_ext( &sha1, pad_1, 40 ); + mbedtls_sha1_finish_ext( &sha1, hash + 16 ); - mbedtls_sha1_starts( &sha1 ); - mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update( &sha1, pad_2, 40 ); - mbedtls_sha1_update( &sha1, hash + 16, 20 ); - mbedtls_sha1_finish( &sha1, hash + 16 ); + mbedtls_sha1_starts_ext( &sha1 ); + mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 ); + mbedtls_sha1_update_ext( &sha1, pad_2, 40 ); + mbedtls_sha1_update_ext( &sha1, hash + 16, 20 ); + mbedtls_sha1_finish_ext( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1022,8 +1033,8 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); - mbedtls_md5_finish( &md5, hash ); - mbedtls_sha1_finish( &sha1, hash + 16 ); + mbedtls_md5_finish_ext( &md5, hash ); + mbedtls_sha1_finish_ext( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1046,7 +1057,7 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish( &sha256, hash ); + mbedtls_sha256_finish_ext( &sha256, hash ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1067,7 +1078,7 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish( &sha512, hash ); + mbedtls_sha512_finish_ext( &sha512, hash ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -4836,15 +4847,15 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_starts( &ssl->handshake->fin_md5 ); - mbedtls_sha1_starts( &ssl->handshake->fin_sha1 ); + mbedtls_md5_starts_ext( &ssl->handshake->fin_md5 ); + mbedtls_sha1_starts_ext( &ssl->handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ext( &ssl->handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ext( &ssl->handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -4854,15 +4865,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -4872,8 +4883,8 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len ); } #endif @@ -4882,7 +4893,7 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len ); } #endif @@ -4890,7 +4901,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len ); } #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -4943,29 +4954,29 @@ static void ssl_calc_finished_ssl( memset( padbuf, 0x36, 48 ); - mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 ); - mbedtls_md5_update( &md5, session->master, 48 ); - mbedtls_md5_update( &md5, padbuf, 48 ); - mbedtls_md5_finish( &md5, md5sum ); + mbedtls_md5_update_ext( &md5, (const unsigned char *) sender, 4 ); + mbedtls_md5_update_ext( &md5, session->master, 48 ); + mbedtls_md5_update_ext( &md5, padbuf, 48 ); + mbedtls_md5_finish_ext( &md5, md5sum ); - mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 ); - mbedtls_sha1_update( &sha1, session->master, 48 ); - mbedtls_sha1_update( &sha1, padbuf, 40 ); - mbedtls_sha1_finish( &sha1, sha1sum ); + mbedtls_sha1_update_ext( &sha1, (const unsigned char *) sender, 4 ); + mbedtls_sha1_update_ext( &sha1, session->master, 48 ); + mbedtls_sha1_update_ext( &sha1, padbuf, 40 ); + mbedtls_sha1_finish_ext( &sha1, sha1sum ); memset( padbuf, 0x5C, 48 ); - mbedtls_md5_starts( &md5 ); - mbedtls_md5_update( &md5, session->master, 48 ); - mbedtls_md5_update( &md5, padbuf, 48 ); - mbedtls_md5_update( &md5, md5sum, 16 ); - mbedtls_md5_finish( &md5, buf ); + mbedtls_md5_starts_ext( &md5 ); + mbedtls_md5_update_ext( &md5, session->master, 48 ); + mbedtls_md5_update_ext( &md5, padbuf, 48 ); + mbedtls_md5_update_ext( &md5, md5sum, 16 ); + mbedtls_md5_finish_ext( &md5, buf ); - mbedtls_sha1_starts( &sha1 ); - mbedtls_sha1_update( &sha1, session->master, 48 ); - mbedtls_sha1_update( &sha1, padbuf , 40 ); - mbedtls_sha1_update( &sha1, sha1sum, 20 ); - mbedtls_sha1_finish( &sha1, buf + 16 ); + mbedtls_sha1_starts_ext( &sha1 ); + mbedtls_sha1_update_ext( &sha1, session->master, 48 ); + mbedtls_sha1_update_ext( &sha1, padbuf , 40 ); + mbedtls_sha1_update_ext( &sha1, sha1sum, 20 ); + mbedtls_sha1_finish_ext( &sha1, buf + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); @@ -5022,8 +5033,8 @@ static void ssl_calc_finished_tls( ? "client finished" : "server finished"; - mbedtls_md5_finish( &md5, padbuf ); - mbedtls_sha1_finish( &sha1, padbuf + 16 ); + mbedtls_md5_finish_ext( &md5, padbuf ); + mbedtls_sha1_finish_ext( &sha1, padbuf + 16 ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 36, buf, len ); @@ -5074,7 +5085,7 @@ static void ssl_calc_finished_tls_sha256( ? "client finished" : "server finished"; - mbedtls_sha256_finish( &sha256, padbuf ); + mbedtls_sha256_finish_ext( &sha256, padbuf ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 32, buf, len ); @@ -5123,7 +5134,7 @@ static void ssl_calc_finished_tls_sha384( ? "client finished" : "server finished"; - mbedtls_sha512_finish( &sha512, padbuf ); + mbedtls_sha512_finish_ext( &sha512, padbuf ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 48, buf, len ); @@ -5437,17 +5448,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) defined(MBEDTLS_SSL_PROTO_TLS1_1) mbedtls_md5_init( &handshake->fin_md5 ); mbedtls_sha1_init( &handshake->fin_sha1 ); - mbedtls_md5_starts( &handshake->fin_md5 ); - mbedtls_sha1_starts( &handshake->fin_sha1 ); + mbedtls_md5_starts_ext( &handshake->fin_md5 ); + mbedtls_sha1_starts_ext( &handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ext( &handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ext( &handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ From 276ebb650ed631c6748486d2f3344ed83b763a6a Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 3 Jul 2017 11:16:57 +0100 Subject: [PATCH 22/43] Add stdlib.h include to hello.c sample --- programs/hash/hello.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/hash/hello.c b/programs/hash/hello.c index a69154f55..a0c08c734 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -28,6 +28,7 @@ #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else +#include #include #define mbedtls_printf printf #define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS From 7a005e2fa413fa828309221bb3ce03360c432aaa Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 3 Jul 2017 14:42:34 +0100 Subject: [PATCH 23/43] Remove invalid doxygen docs from deprecated func --- include/mbedtls/md2.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 2c133a2aa..1d81c2844 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -225,8 +225,6 @@ int mbedtls_md2_ext( const unsigned char *input, * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result - * - * \return 0 if successful */ MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, size_t ilen, From f01a644aac123e2dc6f1d119a5f9fd9959bc9673 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 3 Jul 2017 16:00:59 +0100 Subject: [PATCH 24/43] Add ChangeLog entry --- ChangeLog | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2f0116bcf..0c8f541d0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,27 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Bugfix + * Fix the entropy.c module to not call mbedtls_sha256_starts() or + mbedtls_sha512_starts() in the mbedtls_entropy_init() function. + * Fix the entropy.c module to ensure that mbedtls_sha256_init() or + mbedtls_sha512_init() is called before operating on the relevant context + structure. Also, ensure that message digest contexts are freed when + calling mbedtls_entropy_free(). + +API Changes + * The following functions in the MD2, MD4, MD5, SHA1, SHA256 and SHA512 + modules have been deprecated and replaced as shown below. The new + functions change the return type from void to int to allow returning error + codes when using MBEDTLS__ALT. + mbedtls__starts() -> mbedtls__starts_ext() + mbedtls__update() -> mbedtls__update_ext() + mbedtls__finish() -> mbedtls__finish_ext() + mbedtls__process() -> mbedtls_internal__process() + The type of the function pointers in the mbedtls_md_info_t struct have + also been modified taking into account the functions return code. + = mbed TLS 2.5.1 released 2017-06-21 Security From a21247ead7d64298ca1e9194b39447954566ceb6 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:01:08 +0100 Subject: [PATCH 25/43] Remove unwanted whitespace in MD comments --- include/mbedtls/md2.h | 8 ++++---- include/mbedtls/md4.h | 8 ++++---- include/mbedtls/md5.h | 8 ++++---- include/mbedtls/ripemd160.h | 8 ++++---- include/mbedtls/sha1.h | 8 ++++---- include/mbedtls/sha256.h | 8 ++++---- include/mbedtls/sha512.h | 8 ++++---- 7 files changed, 28 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 1d81c2844..2a14b1002 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -92,7 +92,7 @@ int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); * \brief MD2 process buffer * * \param ctx MD2 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -146,7 +146,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( * \deprecated Superseded by mbedtls_md2_update_ext() in 2.5.0 * * \param ctx MD2 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( @@ -203,7 +203,7 @@ extern "C" { /** * \brief Output = MD2( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result */ @@ -222,7 +222,7 @@ int mbedtls_md2_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_md2() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD2 checksum result */ diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 671c6a4f1..f5d335d8f 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -92,7 +92,7 @@ int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); * \brief MD4 process buffer * * \param ctx MD4 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -148,7 +148,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( * \deprecated Superseded by mbedtls_md4_update_ext() in 2.5.0 * * \param ctx MD4 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( @@ -207,7 +207,7 @@ extern "C" { /** * \brief Output = MD4( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result * @@ -228,7 +228,7 @@ int mbedtls_md4_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_md4_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD4 checksum result */ diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 816d081ab..5a7a00a6b 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -87,7 +87,7 @@ int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); * \brief MD5 process buffer * * \param ctx MD5 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -143,7 +143,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( * \deprecated Superseded by mbedtls_md5_update_ext() in 2.5.0 * * \param ctx MD5 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( @@ -202,7 +202,7 @@ extern "C" { /** * \brief Output = MD5( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result * @@ -223,7 +223,7 @@ int mbedtls_md5_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_md5_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output MD5 checksum result */ diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index aea16b366..318635988 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -92,7 +92,7 @@ int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); * \brief RIPEMD-160 process buffer * * \param ctx RIPEMD-160 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -148,7 +148,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0 * * \param ctx RIPEMD-160 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( @@ -207,7 +207,7 @@ extern "C" { /** * \brief Output = RIPEMD-160( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output RIPEMD-160 checksum result * @@ -228,7 +228,7 @@ int mbedtls_ripemd160_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_ripemd160_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output RIPEMD-160 checksum result */ diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 47a9f996f..e18e6ac99 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -92,7 +92,7 @@ int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); * \brief SHA-1 process buffer * * \param ctx SHA-1 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -148,7 +148,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( * \deprecated Superseded by mbedtls_sha1_update_ext() in 2.5.0 * * \param ctx SHA-1 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( @@ -207,7 +207,7 @@ extern "C" { /** * \brief Output = SHA-1( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result * @@ -228,7 +228,7 @@ int mbedtls_sha1_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha1_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-1 checksum result */ diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 76555f4fd..5fce7ee93 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -94,7 +94,7 @@ int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); * \brief SHA-256 process buffer * * \param ctx SHA-256 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -152,7 +152,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 * * \param ctx SHA-256 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( @@ -211,7 +211,7 @@ extern "C" { /** * \brief Output = SHA-256( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 @@ -234,7 +234,7 @@ int mbedtls_sha256_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 0fbdb3b71..7cba3f63c 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -94,7 +94,7 @@ int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); * \brief SHA-512 process buffer * * \param ctx SHA-512 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * * \return 0 if successful @@ -152,7 +152,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( * \deprecated Superseded by mbedtls_sha512_update_ext() in 2.5.0 * * \param ctx SHA-512 context - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data */ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( @@ -211,7 +211,7 @@ extern "C" { /** * \brief Output = SHA-512( input buffer ) * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 @@ -234,7 +234,7 @@ int mbedtls_sha512_ext( const unsigned char *input, * * \deprecated Superseded by mbedtls_sha512_ext() in 2.5.0 * - * \param input buffer holding the data + * \param input buffer holding the data * \param ilen length of the input data * \param output SHA-384/512 checksum result * \param is384 0 = use SHA512, 1 = use SHA384 From 6a3f30514a21d06aa27acd9cc63ab0c0f53f17b7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:18:54 +0100 Subject: [PATCH 26/43] Ensure MD self_test ret codes are not hidden Also fix a potential memory leak and an incorrect goto statement in sha1.c self_test --- library/ripemd160.c | 7 +++++-- library/sha1.c | 20 ++++++++++++-------- library/sha256.c | 21 +++++++++++++-------- library/sha512.c | 19 ++++++++++++------- 4 files changed, 42 insertions(+), 25 deletions(-) diff --git a/library/ripemd160.c b/library/ripemd160.c index 8bf988eae..4e92bb735 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -464,7 +464,7 @@ static const unsigned char ripemd160_test_md[TESTS][20] = */ int mbedtls_ripemd160_self_test( int verbose ) { - int i, ret; + int i, ret = 0; unsigned char output[20]; memset( output, 0, sizeof output ); @@ -481,7 +481,10 @@ int mbedtls_ripemd160_self_test( int verbose ) goto fail; if( memcmp( output, ripemd160_test_md[i], 20 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -496,7 +499,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/sha1.c b/library/sha1.c index fdd087868..64b70f051 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -439,7 +439,7 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - if( mbedtls_sha1_starts_ext( &ctx ) != 0 ) + if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) goto fail; if( i == 2 ) @@ -448,21 +448,27 @@ int mbedtls_sha1_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - if( mbedtls_sha1_update_ext( &ctx, buf, buflen ) != 0 ) + ret = mbedtls_sha1_update_ext( &ctx, buf, buflen ); + if( ret != 0 ) goto fail; } } else { - if( mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], - sha1_test_buflen[i] ) != 0 ) + ret = mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], + sha1_test_buflen[i] ); + if( ret != 0 ) goto fail; } - mbedtls_sha1_finish_ext( &ctx, sha1sum ); + if( ( ret = mbedtls_sha1_finish_ext( &ctx, sha1sum ) ) != 0 ) + goto fail; if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) - goto exit; + { + ret = 1; + goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -477,8 +483,6 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - ret = 1; - exit: mbedtls_sha1_free( &ctx ); diff --git a/library/sha256.c b/library/sha256.c index 88435a3c4..16a2f0b2f 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -448,7 +448,7 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - if( mbedtls_sha256_starts_ext( &ctx, k ) != 0 ) + if( ( ret = mbedtls_sha256_starts_ext( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) @@ -456,23 +456,30 @@ int mbedtls_sha256_self_test( int verbose ) memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - if( mbedtls_sha256_update_ext( &ctx, buf, buflen ) != 0 ) + { + ret = mbedtls_sha256_update_ext( &ctx, buf, buflen ); + if( ret != 0 ) goto fail; + } } else { - if( mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ) != 0 ) - goto fail; + ret = mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], + sha256_test_buflen[j] ); + if( ret != 0 ) + goto fail; } - if( mbedtls_sha256_finish_ext( &ctx, sha256sum ) != 0 ) + if( ( ret = mbedtls_sha256_finish_ext( &ctx, sha256sum ) ) != 0 ) goto fail; if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -487,8 +494,6 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - ret = 1; - exit: mbedtls_sha256_free( &ctx ); mbedtls_free( buf ); diff --git a/library/sha512.c b/library/sha512.c index ff7e5ca5b..76d21ddfa 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -504,7 +504,7 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - if( mbedtls_sha512_starts_ext( &ctx, k ) != 0 ) + if( ( ret = mbedtls_sha512_starts_ext( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) @@ -512,21 +512,28 @@ int mbedtls_sha512_self_test( int verbose ) memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - if( mbedtls_sha512_update_ext( &ctx, buf, buflen ) != 0 ) + { + ret = mbedtls_sha512_update_ext( &ctx, buf, buflen ); + if( ret != 0 ) goto fail; + } } else { - if( mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], - sha512_test_buflen[j] ) != 0 ) + ret = mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], + sha512_test_buflen[j] ); + if( ret != 0 ) goto fail; } - if( mbedtls_sha512_finish_ext( &ctx, sha512sum ) != 0 ) + if( ( ret = mbedtls_sha512_finish_ext( &ctx, sha512sum ) ) != 0 ) goto fail; if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -541,8 +548,6 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - ret = 1; - exit: mbedtls_sha512_free( &ctx ); mbedtls_free( buf ); From 94682d1d7d4a8492b0e832318bad670b427167b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:26:37 +0100 Subject: [PATCH 27/43] Fix use of unitialized ret in rsa.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index bd97d521b..4daa5b310 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -574,7 +574,7 @@ static int mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src, unsigned char *p; unsigned int hlen; size_t i, use_len; - int ret; + int ret = 0; memset( mask, 0, MBEDTLS_MD_MAX_SIZE ); memset( counter, 0, 4 ); From 0963e6cfac2230d68c6ed1aa220ac41f096796ff Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:34:08 +0100 Subject: [PATCH 28/43] Fix possible memory leak in _ext() --- library/md2.c | 10 +++++----- library/md4.c | 9 +++++---- library/md5.c | 9 +++++---- library/ripemd160.c | 9 +++++---- library/sha1.c | 9 +++++---- library/sha256.c | 9 +++++---- library/sha512.c | 9 +++++---- 7 files changed, 35 insertions(+), 29 deletions(-) diff --git a/library/md2.c b/library/md2.c index a5d768b25..8d887a102 100644 --- a/library/md2.c +++ b/library/md2.c @@ -229,18 +229,18 @@ int mbedtls_md2_ext( const unsigned char *input, mbedtls_md2_init( &ctx ); if( ( ret = mbedtls_md2_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md2_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md2_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); - + goto exit; +exit: mbedtls_md2_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/md4.c b/library/md4.c index da4df7b14..1121fd190 100644 --- a/library/md4.c +++ b/library/md4.c @@ -333,17 +333,18 @@ int mbedtls_md4_ext( const unsigned char *input, mbedtls_md4_init( &ctx ); if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_md4_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/md5.c b/library/md5.c index 8150f941d..93f6434a1 100644 --- a/library/md5.c +++ b/library/md5.c @@ -347,17 +347,18 @@ int mbedtls_md5_ext( const unsigned char *input, mbedtls_md5_init( &ctx ); if( ( ret = mbedtls_md5_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md5_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_md5_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_md5_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/ripemd160.c b/library/ripemd160.c index 4e92bb735..0fc12a1ff 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -406,17 +406,18 @@ int mbedtls_ripemd160_ext( const unsigned char *input, mbedtls_ripemd160_init( &ctx ); if( ( ret = mbedtls_ripemd160_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_ripemd160_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_ripemd160_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_ripemd160_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha1.c b/library/sha1.c index 64b70f051..42f3d6cd5 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -380,17 +380,18 @@ int mbedtls_sha1_ext( const unsigned char *input, mbedtls_sha1_init( &ctx ); if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha1_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_sha1_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha256.c b/library/sha256.c index 16a2f0b2f..fb03cd1dc 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -355,17 +355,18 @@ int mbedtls_sha256_ext( const unsigned char *input, mbedtls_sha256_init( &ctx ); if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_sha256_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) diff --git a/library/sha512.c b/library/sha512.c index 76d21ddfa..b1947f1ea 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -391,17 +391,18 @@ int mbedtls_sha512_ext( const unsigned char *input, mbedtls_sha512_init( &ctx ); if( ( ret = mbedtls_sha512_starts_ext( &ctx, is384 ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha512_update_ext( &ctx, input, ilen ) ) != 0 ) - return( ret ); + goto exit; if( ( ret = mbedtls_sha512_finish_ext( &ctx, output ) ) != 0 ) - return( ret ); + goto exit; +exit: mbedtls_sha512_free( &ctx ); - return( 0 ); + return( ret ); } #if defined(MBEDTLS_SELF_TEST) From c5c7d76bf5693578241382e729b73367c8775702 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:42:16 +0100 Subject: [PATCH 29/43] Add goto exit; stmt in rsa.c for consistency --- library/rsa.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 4daa5b310..2f78ce366 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1446,8 +1446,11 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, if( ( ret = mbedtls_md_finish( &md_ctx, result ) ) != 0 ) goto exit; - if( ( ret = memcmp( p + slen, result, hlen ) ) != 0 ) + if( memcmp( p + slen, result, hlen ) != 0 ) + { ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + goto exit; + } exit: mbedtls_md_free( &md_ctx ); From 8798a10ff0473b216411e818127c57a4d1ca94b4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 14:46:23 +0100 Subject: [PATCH 30/43] Update ChangeLog entry as ssl_tls.c needs fixing --- ChangeLog | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0c8f541d0..b9bc93155 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,7 +20,10 @@ API Changes mbedtls__finish() -> mbedtls__finish_ext() mbedtls__process() -> mbedtls_internal__process() The type of the function pointers in the mbedtls_md_info_t struct have - also been modified taking into account the functions return code. + also been modified taking into account the functions return code. Every + usage of the deprecated functions was updated. Furthermore, the MD return + codes are checked for error after every usage, except in the ssl_tls.c + module. = mbed TLS 2.5.1 released 2017-06-21 From 46f5a3e9b4d5db3cacfe2ba33480a27317c62d46 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:17:51 +0100 Subject: [PATCH 31/43] Check return codes from MD in ssl code --- include/mbedtls/ssl_internal.h | 17 ++++ library/ssl_cli.c | 85 ++----------------- library/ssl_srv.c | 87 +++----------------- library/ssl_tls.c | 144 +++++++++++++++++++++++++++++++++ 4 files changed, 177 insertions(+), 156 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 756360b18..c39c02db2 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -610,6 +610,23 @@ static inline int mbedtls_ssl_safer_memcmp( const void *a, const void *b, size_t return( diff ); } +#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) +int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len ); +#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ + MBEDTLS_SSL_PROTO_TLS1_1 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) +int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg ); +#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ + MBEDTLS_SSL_PROTO_TLS1_2 */ + #ifdef __cplusplus } #endif diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 86267f5c1..312e2ec51 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2490,60 +2490,11 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_1) if( md_alg == MBEDTLS_MD_NONE ) { - mbedtls_md5_context mbedtls_md5; - mbedtls_sha1_context mbedtls_sha1; - - mbedtls_md5_init( &mbedtls_md5 ); - hashlen = 36; - - /* - * digitally-signed struct { - * opaque md5_hash[16]; - * opaque sha_hash[20]; - * }; - * - * md5_hash - * MD5(ClientHello.random + ServerHello.random - * + ServerParams); - * sha_hash - * SHA(ClientHello.random + ServerHello.random - * + ServerParams); - */ - if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, params, - params_len ) ) != 0 || - ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) - { - mbedtls_md5_free( &mbedtls_md5 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, params, + params_len ); + if( ret != 0 ) return( ret ); - } - - mbedtls_md5_free( &mbedtls_md5 ); - - mbedtls_sha1_init( &mbedtls_sha1 ); - - if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, params, - params_len ) ) != 0 || - ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, - hash + 16 ) ) != 0 ) - { - mbedtls_sha1_free( &mbedtls_sha1 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); - return( ret ); - } - - mbedtls_sha1_free( &mbedtls_sha1 ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ @@ -2552,36 +2503,12 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { - mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - - mbedtls_md_init( &ctx ); - /* Info from md_alg will be used instead */ hashlen = 0; - - /* - * digitally-signed struct { - * opaque client_random[32]; - * opaque server_random[32]; - * ServerDHParams params; - * }; - */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || - ( ret = mbedtls_md_starts( &ctx ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, params, params_len ) ) != 0 || - ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - mbedtls_md_free( &ctx ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, params, + params_len, md_alg ); + if( ret != 0 ) return( ret ); - } - - mbedtls_md_free( &ctx ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f08a9bde1..ab687159d 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3096,57 +3096,12 @@ curve_matching_done: defined(MBEDTLS_SSL_PROTO_TLS1_1) if( md_alg == MBEDTLS_MD_NONE ) { - mbedtls_md5_context mbedtls_md5; - mbedtls_sha1_context mbedtls_sha1; - - mbedtls_md5_init( &mbedtls_md5 ); - - /* - * digitally-signed struct { - * opaque md5_hash[16]; - * opaque sha_hash[20]; - * }; - * - * md5_hash - * MD5(ClientHello.random + ServerHello.random - * + ServerParams); - * sha_hash - * SHA(ClientHello.random + ServerHello.random - * + ServerParams); - */ - - if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed, - dig_signed_len ) ) != 0 || - ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 ) - { - mbedtls_md5_free( &mbedtls_md5 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret ); - return( ret ); - } - - mbedtls_md5_free( &mbedtls_md5 ); - - mbedtls_sha1_init( &mbedtls_sha1 ); - - if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed, - dig_signed_len ) ) != 0 || - ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, - hash + 16 ) ) != 0 ) - { - mbedtls_sha1_free( &mbedtls_sha1 ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret ); - return( ret ); - } - - mbedtls_sha1_free( &mbedtls_sha1 ); - hashlen = 36; + ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash, + dig_signed, + dig_signed_len ); + if( ret != 0 ) + return( ret ); } else #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ @@ -3155,36 +3110,14 @@ curve_matching_done: defined(MBEDTLS_SSL_PROTO_TLS1_2) if( md_alg != MBEDTLS_MD_NONE ) { - mbedtls_md_context_t ctx; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - - mbedtls_md_init( &ctx ); - /* Info from md_alg will be used instead */ hashlen = 0; - - /* - * digitally-signed struct { - * opaque client_random[32]; - * opaque server_random[32]; - * ServerDHParams params; - * }; - */ - if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 || - ( ret = mbedtls_md_starts( &ctx ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, - ssl->handshake->randbytes, 64 ) ) != 0 || - ( ret = mbedtls_md_update( &ctx, dig_signed, - dig_signed_len ) ) != 0 || - ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 ) - { - mbedtls_md_free( &ctx ); - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret ); + ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, + dig_signed, + dig_signed_len, + md_alg ); + if( ret != 0 ) return( ret ); - } - - - mbedtls_md_free( &ctx ); } else #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b04917d14..f93537a2c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8043,4 +8043,148 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md ) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } +#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_1) +int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len ) +{ + int ret = 0; + mbedtls_md5_context mbedtls_md5; + mbedtls_sha1_context mbedtls_sha1; + + mbedtls_md5_init( &mbedtls_md5 ); + mbedtls_sha1_init( &mbedtls_sha1 ); + + /* + * digitally-signed struct { + * opaque md5_hash[16]; + * opaque sha_hash[20]; + * }; + * + * md5_hash + * MD5(ClientHello.random + ServerHello.random + * + ServerParams); + * sha_hash + * SHA(ClientHello.random + ServerHello.random + * + ServerParams); + */ + if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ext", ret ); + goto exit; + } + if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5, + ssl->handshake->randbytes, 64 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret ); + goto exit; + } + if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5, data, data_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret ); + goto exit; + } + if( ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, output ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ext", ret ); + goto exit; + } + + if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ext", ret ); + goto exit; + } + if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, + ssl->handshake->randbytes, 64 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret ); + goto exit; + } + if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, data, + data_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret ); + goto exit; + } + if( ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, + output + 16 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ext", ret ); + goto exit; + } + +exit: + mbedtls_md5_free( &mbedtls_md5 ); + mbedtls_sha1_free( &mbedtls_sha1 ); + + if( ret != 0 ) + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + + return( ret ); + +} +#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \ + MBEDTLS_SSL_PROTO_TLS1_1 */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_2) +int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, + unsigned char *output, + unsigned char *data, size_t data_len, + mbedtls_md_type_t md_alg ) +{ + int ret = 0; + mbedtls_md_context_t ctx; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + + mbedtls_md_init( &ctx ); + + /* + * digitally-signed struct { + * opaque client_random[32]; + * opaque server_random[32]; + * ServerDHParams params; + * }; + */ + if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret ); + goto exit; + } + if( ( ret = mbedtls_md_starts( &ctx ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_starts", ret ); + goto exit; + } + if( ( ret = mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + goto exit; + } + if( ( ret = mbedtls_md_update( &ctx, data, data_len ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); + goto exit; + } + if( ( ret = mbedtls_md_finish( &ctx, output ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); + goto exit; + } + +exit: + mbedtls_md_free( &ctx ); + + if( ret != 0 ) + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + + return( ret ); +} +#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ + MBEDTLS_SSL_PROTO_TLS1_2 */ + #endif /* MBEDTLS_SSL_TLS_C */ From 42e5e1084eeecf4b80cfba3557388b4d0942772c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:27:03 +0100 Subject: [PATCH 32/43] Add goto cleanup; for consistency md.c --- library/md.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/md.c b/library/md.c index a84f3042d..625b34c5e 100644 --- a/library/md.c +++ b/library/md.c @@ -358,8 +358,9 @@ int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key, if( ( ret = ctx->md_info->starts_func( ctx->md_ctx ) ) != 0 ) goto cleanup; - ret = ctx->md_info->update_func( ctx->md_ctx, ipad, - ctx->md_info->block_size ); + if( ( ret = ctx->md_info->update_func( ctx->md_ctx, ipad, + ctx->md_info->block_size ) ) != 0 ) + goto cleanup; cleanup: mbedtls_zeroize( sum, sizeof( sum ) ); From 3395250f5fb8a996d1a85621446dc752d62f1785 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:29:16 +0100 Subject: [PATCH 33/43] Fix use of uninitialised ret ssl_tls.c --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f93537a2c..0f7d015d8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -221,7 +221,7 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen ) { - int ret; + int ret = 0; size_t i; mbedtls_md5_context md5; mbedtls_sha1_context sha1; From b2b063ff3538f1a8f8a027009712e67b5a5fc4a9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 16:45:24 +0100 Subject: [PATCH 34/43] Add comment in entropy.c --- library/entropy.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/entropy.c b/library/entropy.c index 67ec9010c..baca87cf7 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -366,6 +366,11 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE ); #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) + /* + * Note that at this stage it is assumed that the accumulator was started + * in a previous call to entropy_update(). If this is not guaranteed, the + * code below will fail. + */ if( ( ret = mbedtls_sha512_finish_ext( &ctx->accumulator, buf ) ) != 0 ) goto exit; From aa464ef23a49e386515e5245c444f202e45e2e4f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 14:21:53 +0100 Subject: [PATCH 35/43] Fix indentation and add goto cleanup; stmt --- library/md.c | 3 ++- library/ripemd160.c | 4 ++-- library/sha256.c | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/md.c b/library/md.c index 625b34c5e..cec4243fd 100644 --- a/library/md.c +++ b/library/md.c @@ -436,7 +436,8 @@ int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, goto cleanup; if( ( ret = mbedtls_md_hmac_update( &ctx, input, ilen ) ) != 0 ) goto cleanup; - ret = mbedtls_md_hmac_finish( &ctx, output ); + if( ( ret = mbedtls_md_hmac_finish( &ctx, output ) ) != 0 ) + goto cleanup; cleanup: mbedtls_md_free( &ctx ); diff --git a/library/ripemd160.c b/library/ripemd160.c index 0fc12a1ff..bf5058fe9 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -378,11 +378,11 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, ret = mbedtls_ripemd160_update_ext( ctx, ripemd160_padding, padn ); if( ret != 0 ) - return( ret ); + return( ret ); ret = mbedtls_ripemd160_update_ext( ctx, msglen, 8 ); if( ret != 0 ) - return( ret ); + return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); PUT_UINT32_LE( ctx->state[1], output, 4 ); diff --git a/library/sha256.c b/library/sha256.c index fb03cd1dc..0e24d6982 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -320,10 +320,10 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 ) - return( ret ); + return( ret ); if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 ) - return( ret ); + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); From 2d0aa8be97bad9e8d65276716833f1e6d117c5b2 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 14:57:26 +0100 Subject: [PATCH 36/43] Fix MD selftest to use correct type and expose ret --- library/md2.c | 20 ++++++++++++++------ library/md4.c | 20 ++++++++++++++------ library/md5.c | 15 +++++++++------ library/ripemd160.c | 31 +++++++++++++++++-------------- library/sha1.c | 2 +- library/sha256.c | 2 +- library/sha512.c | 2 +- 7 files changed, 57 insertions(+), 35 deletions(-) diff --git a/library/md2.c b/library/md2.c index 8d887a102..06d6ac288 100644 --- a/library/md2.c +++ b/library/md2.c @@ -248,7 +248,7 @@ exit: /* * RFC 1319 test vectors */ -static const char md2_test_str[7][81] = +static const unsigned char md2_test_str[7][81] = { { "" }, { "a" }, @@ -256,10 +256,15 @@ static const char md2_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ + { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } }; +static const size_t md2_test_strlen[7] = +{ + 0, 1, 3, 14, 26, 62, 80 +}; + static const unsigned char md2_test_sum[7][16] = { { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D, @@ -283,7 +288,7 @@ static const unsigned char md2_test_sum[7][16] = */ int mbedtls_md2_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char md2sum[16]; for( i = 0; i < 7; i++ ) @@ -291,12 +296,15 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - if( mbedtls_md2_ext( (unsigned char *)md2_test_str[i], - strlen( md2_test_str[i] ), md2sum ) != 0 ) + ret = mbedtls_md2_ext( md2_test_str[i], md2_test_strlen[i], md2sum ); + if( ret != 0 ) goto fail; if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -311,7 +319,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/md4.c b/library/md4.c index 1121fd190..f5972eb63 100644 --- a/library/md4.c +++ b/library/md4.c @@ -352,7 +352,7 @@ exit: /* * RFC 1320 test vectors */ -static const char md4_test_str[7][81] = +static const unsigned char md4_test_str[7][81] = { { "" }, { "a" }, @@ -360,10 +360,15 @@ static const char md4_test_str[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ + { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } }; +static const size_t md4_test_strlen[7] = +{ + 0, 1, 3, 14, 26, 62, 80 +}; + static const unsigned char md4_test_sum[7][16] = { { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31, @@ -387,7 +392,7 @@ static const unsigned char md4_test_sum[7][16] = */ int mbedtls_md4_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char md4sum[16]; for( i = 0; i < 7; i++ ) @@ -395,12 +400,15 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - if( mbedtls_md4_ext( (unsigned char *) md4_test_str[i], - strlen( md4_test_str[i] ), md4sum ) != 0 ) + ret = mbedtls_md4_ext( md4_test_str[i], md4_test_strlen[i], md4sum ); + if( ret != 0 ) goto fail; if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -415,7 +423,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/md5.c b/library/md5.c index 93f6434a1..68a112ab7 100644 --- a/library/md5.c +++ b/library/md5.c @@ -373,11 +373,11 @@ static const unsigned char md5_test_buf[7][81] = { "message digest" }, { "abcdefghijklmnopqrstuvwxyz" }, { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012" \ + { "12345678901234567890123456789012345678901234567890123456789012" "345678901234567890" } }; -static const int md5_test_buflen[7] = +static const size_t md5_test_buflen[7] = { 0, 1, 3, 14, 26, 62, 80 }; @@ -405,7 +405,7 @@ static const unsigned char md5_test_sum[7][16] = */ int mbedtls_md5_self_test( int verbose ) { - int i; + int i, ret = 0; unsigned char md5sum[16]; for( i = 0; i < 7; i++ ) @@ -413,12 +413,15 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - if( mbedtls_md5_ext( md5_test_buf[i], - md5_test_buflen[i], md5sum ) != 0 ) + ret = mbedtls_md5_ext( md5_test_buf[i], md5_test_buflen[i], md5sum ); + if( ret != 0 ) goto fail; if( memcmp( md5sum, md5_test_sum[i], 16 ) != 0 ) + { + ret = 1; goto fail; + } if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -433,7 +436,7 @@ fail: if( verbose != 0 ) mbedtls_printf( "failed\n" ); - return( 1 ); + return( ret ); } #endif /* MBEDTLS_SELF_TEST */ diff --git a/library/ripemd160.c b/library/ripemd160.c index bf5058fe9..274a7c9c7 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -426,18 +426,22 @@ exit: * http://homes.esat.kuleuven.be/~bosselae/mbedtls_ripemd160.html#HMAC */ #define TESTS 8 -#define KEYS 2 -static const char *ripemd160_test_input[TESTS] = +static const unsigned char ripemd160_test_str[TESTS][81] = { - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "1234567890123456789012345678901234567890" - "1234567890123456789012345678901234567890", + { "" }, + { "a" }, + { "abc" }, + { "message digest" }, + { "abcdefghijklmnopqrstuvwxyz" }, + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" }, + { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, + { "12345678901234567890123456789012345678901234567890123456789012" + "345678901234567890" }, +}; + +static const size_t ripemd160_test_strlen[TESTS] = +{ + 0, 1, 3, 14, 26, 56, 62, 80 }; static const unsigned char ripemd160_test_md[TESTS][20] = @@ -475,9 +479,8 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - ret = mbedtls_ripemd160_ext( - (const unsigned char *)ripemd160_test_input[i], - strlen( ripemd160_test_input[i] ), output ); + ret = mbedtls_ripemd160_ext( ripemd160_test_str[i], + ripemd160_test_strlen[i], output ); if( ret != 0 ) goto fail; diff --git a/library/sha1.c b/library/sha1.c index 42f3d6cd5..8d3895035 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -405,7 +405,7 @@ static const unsigned char sha1_test_buf[3][57] = { "" } }; -static const int sha1_test_buflen[3] = +static const size_t sha1_test_buflen[3] = { 3, 56, 1000 }; diff --git a/library/sha256.c b/library/sha256.c index 0e24d6982..b76569792 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -380,7 +380,7 @@ static const unsigned char sha256_test_buf[3][57] = { "" } }; -static const int sha256_test_buflen[3] = +static const size_t sha256_test_buflen[3] = { 3, 56, 1000 }; diff --git a/library/sha512.c b/library/sha512.c index b1947f1ea..d0faba941 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -418,7 +418,7 @@ static const unsigned char sha512_test_buf[3][113] = { "" } }; -static const int sha512_test_buflen[3] = +static const size_t sha512_test_buflen[3] = { 3, 112, 1000 }; From 15932e0cbfd25ba044f0d38b24801829de7c1884 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 11:43:45 +0100 Subject: [PATCH 37/43] Fix typo in deprecation statement --- include/mbedtls/md2.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 2a14b1002..23145de46 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -220,7 +220,7 @@ int mbedtls_md2_ext( const unsigned char *input, /** * \brief Output = MD2( input buffer ) * - * \deprecated Superseded by mbedtls_md2() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_ext() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data From 9e4f77c6068a633b18f439d8e06670826c54a1d5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 11:48:08 +0100 Subject: [PATCH 38/43] New MD API: rename functions from _ext to _ret The _ext suffix suggests "new arguments", but the new functions have the same arguments. Use _ret instead, to convey that the difference is that the new functions return a value. --- include/mbedtls/md2.h | 24 ++-- include/mbedtls/md4.h | 24 ++-- include/mbedtls/md5.h | 24 ++-- include/mbedtls/ripemd160.h | 24 ++-- include/mbedtls/sha1.h | 24 ++-- include/mbedtls/sha256.h | 24 ++-- include/mbedtls/sha512.h | 24 ++-- library/entropy.c | 32 ++--- library/md2.c | 16 +-- library/md4.c | 20 ++-- library/md5.c | 20 ++-- library/md_wrap.c | 64 +++++----- library/pem.c | 18 +-- library/ripemd160.c | 20 ++-- library/rsa.c | 2 +- library/sha1.c | 26 ++-- library/sha256.c | 26 ++-- library/sha512.c | 26 ++-- library/ssl_tls.c | 166 +++++++++++++------------- library/x509write_crt.c | 4 +- programs/hash/hello.c | 2 +- programs/pkey/dh_client.c | 4 +- programs/pkey/dh_server.c | 4 +- programs/pkey/ecdsa.c | 4 +- programs/test/benchmark.c | 12 +- tests/suites/test_suite_mdx.function | 8 +- tests/suites/test_suite_shax.function | 10 +- 27 files changed, 326 insertions(+), 326 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 23145de46..0df6b36f4 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -86,7 +86,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * * \return 0 if successful */ -int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer @@ -97,7 +97,7 @@ int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ); * * \return 0 if successful */ -int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, * * \return 0 if successful */ -int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, unsigned char output[16] ); /** @@ -130,20 +130,20 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); /** * \brief MD2 context setup * - * \deprecated Superseded by mbedtls_md2_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( mbedtls_md2_context *ctx ) { - mbedtls_md2_starts_ext( ctx ); + mbedtls_md2_starts_ret( ctx ); } /** * \brief MD2 process buffer * - * \deprecated Superseded by mbedtls_md2_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_update_ret() in 2.5.0 * * \param ctx MD2 context * \param input buffer holding the data @@ -154,13 +154,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( const unsigned char *input, size_t ilen ) { - mbedtls_md2_update_ext( ctx, input, ilen ); + mbedtls_md2_update_ret( ctx, input, ilen ); } /** * \brief MD2 final digest * - * \deprecated Superseded by mbedtls_md2_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.5.0 * * \param ctx MD2 context * \param output MD2 checksum result @@ -169,7 +169,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) { - mbedtls_md2_finish_ext( ctx, output ); + mbedtls_md2_finish_ret( ctx, output ); } /** @@ -207,7 +207,7 @@ extern "C" { * \param ilen length of the input data * \param output MD2 checksum result */ -int mbedtls_md2_ext( const unsigned char *input, +int mbedtls_md2_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -220,7 +220,7 @@ int mbedtls_md2_ext( const unsigned char *input, /** * \brief Output = MD2( input buffer ) * - * \deprecated Superseded by mbedtls_md2_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -230,7 +230,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - mbedtls_md2_ext( input, ilen, output ); + mbedtls_md2_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index f5d335d8f..acd09bd61 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -86,7 +86,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * * \return 0 if successful */ -int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer @@ -97,7 +97,7 @@ int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ); * * \return 0 if successful */ -int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, * * \return 0 if successful */ -int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, unsigned char output[16] ); /** @@ -132,20 +132,20 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /** * \brief MD4 context setup * - * \deprecated Superseded by mbedtls_md4_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( mbedtls_md4_context *ctx ) { - mbedtls_md4_starts_ext( ctx ); + mbedtls_md4_starts_ret( ctx ); } /** * \brief MD4 process buffer * - * \deprecated Superseded by mbedtls_md4_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_update_ret() in 2.5.0 * * \param ctx MD4 context * \param input buffer holding the data @@ -156,13 +156,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( const unsigned char *input, size_t ilen ) { - mbedtls_md4_update_ext( ctx, input, ilen ); + mbedtls_md4_update_ret( ctx, input, ilen ); } /** * \brief MD4 final digest * - * \deprecated Superseded by mbedtls_md4_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.5.0 * * \param ctx MD4 context * \param output MD4 checksum result @@ -171,7 +171,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) { - mbedtls_md4_finish_ext( ctx, output ); + mbedtls_md4_finish_ret( ctx, output ); } /** @@ -213,7 +213,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_md4_ext( const unsigned char *input, +int mbedtls_md4_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -226,7 +226,7 @@ int mbedtls_md4_ext( const unsigned char *input, /** * \brief Output = MD4( input buffer ) * - * \deprecated Superseded by mbedtls_md4_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -236,7 +236,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - mbedtls_md4_ext( input, ilen, output ); + mbedtls_md4_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 5a7a00a6b..18db8b734 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -81,7 +81,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * * \return 0 if successful */ -int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer @@ -92,7 +92,7 @@ int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ); * * \return 0 if successful */ -int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ); @@ -104,7 +104,7 @@ int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, * * \return 0 if successful */ -int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ); /** @@ -127,20 +127,20 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /** * \brief MD5 context setup * - * \deprecated Superseded by mbedtls_md5_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( mbedtls_md5_context *ctx ) { - mbedtls_md5_starts_ext( ctx ); + mbedtls_md5_starts_ret( ctx ); } /** * \brief MD5 process buffer * - * \deprecated Superseded by mbedtls_md5_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_update_ret() in 2.5.0 * * \param ctx MD5 context * \param input buffer holding the data @@ -151,13 +151,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( const unsigned char *input, size_t ilen ) { - mbedtls_md5_update_ext( ctx, input, ilen ); + mbedtls_md5_update_ret( ctx, input, ilen ); } /** * \brief MD5 final digest * - * \deprecated Superseded by mbedtls_md5_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.5.0 * * \param ctx MD5 context * \param output MD5 checksum result @@ -166,7 +166,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) { - mbedtls_md5_finish_ext( ctx, output ); + mbedtls_md5_finish_ret( ctx, output ); } /** @@ -208,7 +208,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_md5_ext( const unsigned char *input, +int mbedtls_md5_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ); @@ -221,7 +221,7 @@ int mbedtls_md5_ext( const unsigned char *input, /** * \brief Output = MD5( input buffer ) * - * \deprecated Superseded by mbedtls_md5_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -231,7 +231,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) { - mbedtls_md5_ext( input, ilen, output ); + mbedtls_md5_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 318635988..ea679810e 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -86,7 +86,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * * \return 0 if successful */ -int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer @@ -97,7 +97,7 @@ int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ); * * \return 0 if successful */ -int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, unsigned char output[20] ); /** @@ -132,20 +132,20 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /** * \brief RIPEMD-160 context setup * - * \deprecated Superseded by mbedtls_ripemd160_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) { - mbedtls_ripemd160_starts_ext( ctx ); + mbedtls_ripemd160_starts_ret( ctx ); } /** * \brief RIPEMD-160 process buffer * - * \deprecated Superseded by mbedtls_ripemd160_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.5.0 * * \param ctx RIPEMD-160 context * \param input buffer holding the data @@ -156,13 +156,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( const unsigned char *input, size_t ilen ) { - mbedtls_ripemd160_update_ext( ctx, input, ilen ); + mbedtls_ripemd160_update_ret( ctx, input, ilen ); } /** * \brief RIPEMD-160 final digest * - * \deprecated Superseded by mbedtls_ripemd160_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.5.0 * * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result @@ -171,7 +171,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) { - mbedtls_ripemd160_finish_ext( ctx, output ); + mbedtls_ripemd160_finish_ret( ctx, output ); } /** @@ -213,7 +213,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_ripemd160_ext( const unsigned char *input, +int mbedtls_ripemd160_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ); @@ -226,7 +226,7 @@ int mbedtls_ripemd160_ext( const unsigned char *input, /** * \brief Output = RIPEMD-160( input buffer ) * - * \deprecated Superseded by mbedtls_ripemd160_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -237,7 +237,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160( size_t ilen, unsigned char output[20] ) { - mbedtls_ripemd160_ext( input, ilen, output ); + mbedtls_ripemd160_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index e18e6ac99..57bfea4e6 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -86,7 +86,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * * \return 0 if successful */ -int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); /** * \brief SHA-1 process buffer @@ -97,7 +97,7 @@ int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ); * * \return 0 if successful */ -int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ); @@ -109,7 +109,7 @@ int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, * * \return 0 if successful */ -int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ); /** @@ -132,20 +132,20 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /** * \brief SHA-1 context setup * - * \deprecated Superseded by mbedtls_sha1_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.5.0 * * \param ctx context to be initialized */ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { - mbedtls_sha1_starts_ext( ctx ); + mbedtls_sha1_starts_ret( ctx ); } /** * \brief SHA-1 process buffer * - * \deprecated Superseded by mbedtls_sha1_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.5.0 * * \param ctx SHA-1 context * \param input buffer holding the data @@ -156,13 +156,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( const unsigned char *input, size_t ilen ) { - mbedtls_sha1_update_ext( ctx, input, ilen ); + mbedtls_sha1_update_ret( ctx, input, ilen ); } /** * \brief SHA-1 final digest * - * \deprecated Superseded by mbedtls_sha1_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.5.0 * * \param ctx SHA-1 context * \param output SHA-1 checksum result @@ -171,7 +171,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) { - mbedtls_sha1_finish_ext( ctx, output ); + mbedtls_sha1_finish_ret( ctx, output ); } /** @@ -213,7 +213,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_sha1_ext( const unsigned char *input, +int mbedtls_sha1_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ); @@ -226,7 +226,7 @@ int mbedtls_sha1_ext( const unsigned char *input, /** * \brief Output = SHA-1( input buffer ) * - * \deprecated Superseded by mbedtls_sha1_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -236,7 +236,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) { - mbedtls_sha1_ext( input, ilen, output ); + mbedtls_sha1_ret( input, ilen, output ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 5fce7ee93..be5ef794f 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -88,7 +88,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * * \return 0 if successful */ -int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); /** * \brief SHA-256 process buffer @@ -99,7 +99,7 @@ int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); * * \return 0 if successful */ -int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, +int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ); @@ -111,7 +111,7 @@ int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, * * \return 0 if successful */ -int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, +int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ); /** @@ -134,7 +134,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, /** * \brief SHA-256 context setup * - * \deprecated Superseded by mbedtls_sha256_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.5.0 * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 @@ -143,13 +143,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { - mbedtls_sha256_starts_ext( ctx, is224 ); + mbedtls_sha256_starts_ret( ctx, is224 ); } /** * \brief SHA-256 process buffer * - * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.5.0 * * \param ctx SHA-256 context * \param input buffer holding the data @@ -160,13 +160,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( const unsigned char *input, size_t ilen ) { - mbedtls_sha256_update_ext( ctx, input, ilen ); + mbedtls_sha256_update_ret( ctx, input, ilen ); } /** * \brief SHA-256 final digest * - * \deprecated Superseded by mbedtls_sha256_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.5.0 * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result @@ -175,7 +175,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) { - mbedtls_sha256_finish_ext( ctx, output ); + mbedtls_sha256_finish_ret( ctx, output ); } /** @@ -218,7 +218,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_sha256_ext( const unsigned char *input, +int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ); @@ -232,7 +232,7 @@ int mbedtls_sha256_ext( const unsigned char *input, /** * \brief Output = SHA-256( input buffer ) * - * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -245,7 +245,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256( unsigned char output[32], int is224 ) { - mbedtls_sha256_ext( input, ilen, output, is224 ); + mbedtls_sha256_ret( input, ilen, output, is224 ); } #undef MBEDTLS_DEPRECATED diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 7cba3f63c..0fadb4c3b 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -88,7 +88,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * * \return 0 if successful */ -int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); /** * \brief SHA-512 process buffer @@ -99,7 +99,7 @@ int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ); * * \return 0 if successful */ -int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, +int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ); @@ -111,7 +111,7 @@ int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, * * \return 0 if successful */ -int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, +int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ); /** @@ -134,7 +134,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /** * \brief SHA-512 context setup * - * \deprecated Superseded by mbedtls_sha512_starts_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.5.0 * * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 @@ -143,13 +143,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { - mbedtls_sha512_starts_ext( ctx, is384 ); + mbedtls_sha512_starts_ret( ctx, is384 ); } /** * \brief SHA-512 process buffer * - * \deprecated Superseded by mbedtls_sha512_update_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.5.0 * * \param ctx SHA-512 context * \param input buffer holding the data @@ -160,13 +160,13 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( const unsigned char *input, size_t ilen ) { - mbedtls_sha512_update_ext( ctx, input, ilen ); + mbedtls_sha512_update_ret( ctx, input, ilen ); } /** * \brief SHA-512 final digest * - * \deprecated Superseded by mbedtls_sha512_finish_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.5.0 * * \param ctx SHA-512 context * \param output SHA-384/512 checksum result @@ -175,7 +175,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char output[64] ) { - mbedtls_sha512_finish_ext( ctx, output ); + mbedtls_sha512_finish_ret( ctx, output ); } /** @@ -218,7 +218,7 @@ extern "C" { * * \return 0 if successful */ -int mbedtls_sha512_ext( const unsigned char *input, +int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ); @@ -232,7 +232,7 @@ int mbedtls_sha512_ext( const unsigned char *input, /** * \brief Output = SHA-512( input buffer ) * - * \deprecated Superseded by mbedtls_sha512_ext() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_ret() in 2.5.0 * * \param input buffer holding the data * \param ilen length of the input data @@ -245,7 +245,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512( unsigned char output[64], int is384 ) { - mbedtls_sha512_ext( input, ilen, output, is384 ); + mbedtls_sha512_ret( input, ilen, output, is384 ); } #undef MBEDTLS_DEPRECATED diff --git a/library/entropy.c b/library/entropy.c index 45b2f2b57..20b24ff09 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -193,10 +193,10 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ( ret = mbedtls_sha512_ext( data, len, tmp, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 ) return( ret ); #else - if( ( ret = mbedtls_sha256_ext( data, len, tmp, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 ) return( ret ); #endif p = tmp; @@ -213,22 +213,22 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) return( ret ); else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); - return( mbedtls_sha512_update_ext( &ctx->accumulator, p, use_len ) ); + return( mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ) ); #else if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) return( ret ); else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, header, 2 ) ) != 0 ) + if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) return( ret ); - return( mbedtls_sha256_update_ext( &ctx->accumulator, p, use_len ) ); + return( mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ) ); #endif } @@ -374,7 +374,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) * in a previous call to entropy_update(). If this is not guaranteed, the * code below will fail. */ - if( ( ret = mbedtls_sha512_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 ) goto exit; /* @@ -382,20 +382,20 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) */ mbedtls_sha512_free( &ctx->accumulator ); mbedtls_sha512_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha512_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_update_ext( &ctx->accumulator, buf, + if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; /* * Perform second SHA-512 on entropy */ - if( ( ret = mbedtls_sha512_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ) ) != 0 ) goto exit; #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - if( ( ret = mbedtls_sha256_finish_ext( &ctx->accumulator, buf ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 ) goto exit; /* @@ -403,16 +403,16 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) */ mbedtls_sha256_free( &ctx->accumulator ); mbedtls_sha256_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha256_starts_ext( &ctx->accumulator, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_update_ext( &ctx->accumulator, buf, + if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; /* * Perform second SHA-256 on entropy */ - if( ( ret = mbedtls_sha256_ext( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ) ) != 0 ) goto exit; #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ diff --git a/library/md2.c b/library/md2.c index 06d6ac288..5028e8c58 100644 --- a/library/md2.c +++ b/library/md2.c @@ -105,7 +105,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /* * MD2 context setup */ -int mbedtls_md2_starts_ext( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) { memset( ctx->cksum, 0, 16 ); memset( ctx->state, 0, 46 ); @@ -156,7 +156,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) /* * MD2 process buffer */ -int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) { @@ -190,7 +190,7 @@ int mbedtls_md2_update_ext( mbedtls_md2_context *ctx, /* * MD2 final digest */ -int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, +int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, unsigned char output[16] ) { int ret; @@ -219,7 +219,7 @@ int mbedtls_md2_finish_ext( mbedtls_md2_context *ctx, /* * output = MD2( input buffer ) */ -int mbedtls_md2_ext( const unsigned char *input, +int mbedtls_md2_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -228,13 +228,13 @@ int mbedtls_md2_ext( const unsigned char *input, mbedtls_md2_init( &ctx ); - if( ( ret = mbedtls_md2_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md2_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md2_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -296,7 +296,7 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - ret = mbedtls_md2_ext( md2_test_str[i], md2_test_strlen[i], md2sum ); + ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum ); if( ret != 0 ) goto fail; diff --git a/library/md4.c b/library/md4.c index f5972eb63..34a4b0e24 100644 --- a/library/md4.c +++ b/library/md4.c @@ -98,7 +98,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /* * MD4 context setup */ -int mbedtls_md4_starts_ext( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -222,7 +222,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /* * MD4 process buffer */ -int mbedtls_md4_update_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) { @@ -284,7 +284,7 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, +int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, unsigned char output[16] ) { int ret; @@ -302,11 +302,11 @@ int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - ret = mbedtls_md4_update_ext( ctx, (unsigned char *)md4_padding, padn ); + ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn ); if( ret != 0 ) return( ret ); - if( ( ret = mbedtls_md4_update_ext( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 ) return( ret ); @@ -323,7 +323,7 @@ int mbedtls_md4_finish_ext( mbedtls_md4_context *ctx, /* * output = MD4( input buffer ) */ -int mbedtls_md4_ext( const unsigned char *input, +int mbedtls_md4_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -332,13 +332,13 @@ int mbedtls_md4_ext( const unsigned char *input, mbedtls_md4_init( &ctx ); - if( ( ret = mbedtls_md4_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md4_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md4_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -400,7 +400,7 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - ret = mbedtls_md4_ext( md4_test_str[i], md4_test_strlen[i], md4sum ); + ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum ); if( ret != 0 ) goto fail; diff --git a/library/md5.c b/library/md5.c index 68a112ab7..8872dc467 100644 --- a/library/md5.c +++ b/library/md5.c @@ -97,7 +97,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /* * MD5 context setup */ -int mbedtls_md5_starts_ext( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -241,7 +241,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /* * MD5 process buffer */ -int mbedtls_md5_update_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) { @@ -300,7 +300,7 @@ static const unsigned char md5_padding[64] = /* * MD5 final digest */ -int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, +int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, unsigned char output[16] ) { int ret; @@ -318,10 +318,10 @@ int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if( ( ret = mbedtls_md5_update_ext( ctx, md5_padding, padn ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( ctx, md5_padding, padn ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_md5_update_ext( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( ctx, msglen, 8 ) ) != 0 ) return( ret ); PUT_UINT32_LE( ctx->state[0], output, 0 ); @@ -337,7 +337,7 @@ int mbedtls_md5_finish_ext( mbedtls_md5_context *ctx, /* * output = MD5( input buffer ) */ -int mbedtls_md5_ext( const unsigned char *input, +int mbedtls_md5_ret( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -346,13 +346,13 @@ int mbedtls_md5_ext( const unsigned char *input, mbedtls_md5_init( &ctx ); - if( ( ret = mbedtls_md5_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -413,7 +413,7 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - ret = mbedtls_md5_ext( md5_test_buf[i], md5_test_buflen[i], md5sum ); + ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum ); if( ret != 0 ) goto fail; diff --git a/library/md_wrap.c b/library/md_wrap.c index bfd492736..32f087197 100644 --- a/library/md_wrap.c +++ b/library/md_wrap.c @@ -73,18 +73,18 @@ static int md2_starts_wrap( void *ctx ) { - return( mbedtls_md2_starts_ext( (mbedtls_md2_context *) ctx ) ); + return( mbedtls_md2_starts_ret( (mbedtls_md2_context *) ctx ) ); } static int md2_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_md2_update_ext( (mbedtls_md2_context *) ctx, input, ilen ) ); + return( mbedtls_md2_update_ret( (mbedtls_md2_context *) ctx, input, ilen ) ); } static int md2_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_md2_finish_ext( (mbedtls_md2_context *) ctx, output ) ); + return( mbedtls_md2_finish_ret( (mbedtls_md2_context *) ctx, output ) ); } static void *md2_ctx_alloc( void ) @@ -124,7 +124,7 @@ const mbedtls_md_info_t mbedtls_md2_info = { md2_starts_wrap, md2_update_wrap, md2_finish_wrap, - mbedtls_md2_ext, + mbedtls_md2_ret, md2_ctx_alloc, md2_ctx_free, md2_clone_wrap, @@ -137,18 +137,18 @@ const mbedtls_md_info_t mbedtls_md2_info = { static int md4_starts_wrap( void *ctx ) { - return( mbedtls_md4_starts_ext( (mbedtls_md4_context *) ctx ) ); + return( mbedtls_md4_starts_ret( (mbedtls_md4_context *) ctx ) ); } static int md4_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_md4_update_ext( (mbedtls_md4_context *) ctx, input, ilen ) ); + return( mbedtls_md4_update_ret( (mbedtls_md4_context *) ctx, input, ilen ) ); } static int md4_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_md4_finish_ext( (mbedtls_md4_context *) ctx, output ) ); + return( mbedtls_md4_finish_ret( (mbedtls_md4_context *) ctx, output ) ); } static void *md4_ctx_alloc( void ) @@ -186,7 +186,7 @@ const mbedtls_md_info_t mbedtls_md4_info = { md4_starts_wrap, md4_update_wrap, md4_finish_wrap, - mbedtls_md4_ext, + mbedtls_md4_ret, md4_ctx_alloc, md4_ctx_free, md4_clone_wrap, @@ -199,18 +199,18 @@ const mbedtls_md_info_t mbedtls_md4_info = { static int md5_starts_wrap( void *ctx ) { - return( mbedtls_md5_starts_ext( (mbedtls_md5_context *) ctx ) ); + return( mbedtls_md5_starts_ret( (mbedtls_md5_context *) ctx ) ); } static int md5_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_md5_update_ext( (mbedtls_md5_context *) ctx, input, ilen ) ); + return( mbedtls_md5_update_ret( (mbedtls_md5_context *) ctx, input, ilen ) ); } static int md5_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_md5_finish_ext( (mbedtls_md5_context *) ctx, output ) ); + return( mbedtls_md5_finish_ret( (mbedtls_md5_context *) ctx, output ) ); } static void *md5_ctx_alloc( void ) @@ -248,7 +248,7 @@ const mbedtls_md_info_t mbedtls_md5_info = { md5_starts_wrap, md5_update_wrap, md5_finish_wrap, - mbedtls_md5_ext, + mbedtls_md5_ret, md5_ctx_alloc, md5_ctx_free, md5_clone_wrap, @@ -261,19 +261,19 @@ const mbedtls_md_info_t mbedtls_md5_info = { static int ripemd160_starts_wrap( void *ctx ) { - return( mbedtls_ripemd160_starts_ext( (mbedtls_ripemd160_context *) ctx ) ); + return( mbedtls_ripemd160_starts_ret( (mbedtls_ripemd160_context *) ctx ) ); } static int ripemd160_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_ripemd160_update_ext( (mbedtls_ripemd160_context *) ctx, + return( mbedtls_ripemd160_update_ret( (mbedtls_ripemd160_context *) ctx, input, ilen ) ); } static int ripemd160_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_ripemd160_finish_ext( (mbedtls_ripemd160_context *) ctx, + return( mbedtls_ripemd160_finish_ret( (mbedtls_ripemd160_context *) ctx, output ) ); } @@ -313,7 +313,7 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { ripemd160_starts_wrap, ripemd160_update_wrap, ripemd160_finish_wrap, - mbedtls_ripemd160_ext, + mbedtls_ripemd160_ret, ripemd160_ctx_alloc, ripemd160_ctx_free, ripemd160_clone_wrap, @@ -326,19 +326,19 @@ const mbedtls_md_info_t mbedtls_ripemd160_info = { static int sha1_starts_wrap( void *ctx ) { - return( mbedtls_sha1_starts_ext( (mbedtls_sha1_context *) ctx ) ); + return( mbedtls_sha1_starts_ret( (mbedtls_sha1_context *) ctx ) ); } static int sha1_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_sha1_update_ext( (mbedtls_sha1_context *) ctx, + return( mbedtls_sha1_update_ret( (mbedtls_sha1_context *) ctx, input, ilen ) ); } static int sha1_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_sha1_finish_ext( (mbedtls_sha1_context *) ctx, output ) ); + return( mbedtls_sha1_finish_ret( (mbedtls_sha1_context *) ctx, output ) ); } static void *sha1_ctx_alloc( void ) @@ -377,7 +377,7 @@ const mbedtls_md_info_t mbedtls_sha1_info = { sha1_starts_wrap, sha1_update_wrap, sha1_finish_wrap, - mbedtls_sha1_ext, + mbedtls_sha1_ret, sha1_ctx_alloc, sha1_ctx_free, sha1_clone_wrap, @@ -393,26 +393,26 @@ const mbedtls_md_info_t mbedtls_sha1_info = { static int sha224_starts_wrap( void *ctx ) { - return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 1 ) ); + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 1 ) ); } static int sha224_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_sha256_update_ext( (mbedtls_sha256_context *) ctx, + return( mbedtls_sha256_update_ret( (mbedtls_sha256_context *) ctx, input, ilen ) ); } static int sha224_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_sha256_finish_ext( (mbedtls_sha256_context *) ctx, + return( mbedtls_sha256_finish_ret( (mbedtls_sha256_context *) ctx, output ) ); } static int sha224_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha256_ext( input, ilen, output, 1 ) ); + return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); } static void *sha224_ctx_alloc( void ) @@ -460,13 +460,13 @@ const mbedtls_md_info_t mbedtls_sha224_info = { static int sha256_starts_wrap( void *ctx ) { - return( mbedtls_sha256_starts_ext( (mbedtls_sha256_context *) ctx, 0 ) ); + return( mbedtls_sha256_starts_ret( (mbedtls_sha256_context *) ctx, 0 ) ); } static int sha256_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha256_ext( input, ilen, output, 0 ) ); + return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha256_info = { @@ -490,26 +490,26 @@ const mbedtls_md_info_t mbedtls_sha256_info = { static int sha384_starts_wrap( void *ctx ) { - return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 1 ) ); + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 1 ) ); } static int sha384_update_wrap( void *ctx, const unsigned char *input, size_t ilen ) { - return( mbedtls_sha512_update_ext( (mbedtls_sha512_context *) ctx, + return( mbedtls_sha512_update_ret( (mbedtls_sha512_context *) ctx, input, ilen ) ); } static int sha384_finish_wrap( void *ctx, unsigned char *output ) { - return( mbedtls_sha512_finish_ext( (mbedtls_sha512_context *) ctx, + return( mbedtls_sha512_finish_ret( (mbedtls_sha512_context *) ctx, output ) ); } static int sha384_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha512_ext( input, ilen, output, 1 ) ); + return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); } static void *sha384_ctx_alloc( void ) @@ -557,13 +557,13 @@ const mbedtls_md_info_t mbedtls_sha384_info = { static int sha512_starts_wrap( void *ctx ) { - return( mbedtls_sha512_starts_ext( (mbedtls_sha512_context *) ctx, 0 ) ); + return( mbedtls_sha512_starts_ret( (mbedtls_sha512_context *) ctx, 0 ) ); } static int sha512_wrap( const unsigned char *input, size_t ilen, unsigned char *output ) { - return( mbedtls_sha512_ext( input, ilen, output, 0 ) ); + return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); } const mbedtls_md_info_t mbedtls_sha512_info = { diff --git a/library/pem.c b/library/pem.c index dea6f9962..bbcfd9bb6 100644 --- a/library/pem.c +++ b/library/pem.c @@ -96,13 +96,13 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[ 0..15] = MD5(pwd || IV) */ - if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) goto exit; if( keylen <= 16 ) @@ -116,15 +116,15 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - if( ( ret = mbedtls_md5_starts_ext( &md5_ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, md5sum, 16 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5_ctx, iv, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &md5_ctx, md5sum ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) goto exit; use_len = 16; diff --git a/library/ripemd160.c b/library/ripemd160.c index 274a7c9c7..260fee686 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -96,7 +96,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, /* * RIPEMD-160 context setup */ -int mbedtls_ripemd160_starts_ext( mbedtls_ripemd160_context *ctx ) +int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -298,7 +298,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /* * RIPEMD-160 process buffer */ -int mbedtls_ripemd160_update_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, const unsigned char *input, size_t ilen ) { @@ -358,7 +358,7 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) { int ret; @@ -376,11 +376,11 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - ret = mbedtls_ripemd160_update_ext( ctx, ripemd160_padding, padn ); + ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn ); if( ret != 0 ) return( ret ); - ret = mbedtls_ripemd160_update_ext( ctx, msglen, 8 ); + ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 ); if( ret != 0 ) return( ret ); @@ -396,7 +396,7 @@ int mbedtls_ripemd160_finish_ext( mbedtls_ripemd160_context *ctx, /* * output = RIPEMD-160( input buffer ) */ -int mbedtls_ripemd160_ext( const unsigned char *input, +int mbedtls_ripemd160_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ) { @@ -405,13 +405,13 @@ int mbedtls_ripemd160_ext( const unsigned char *input, mbedtls_ripemd160_init( &ctx ); - if( ( ret = mbedtls_ripemd160_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_ripemd160_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_ripemd160_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -479,7 +479,7 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - ret = mbedtls_ripemd160_ext( ripemd160_test_str[i], + ret = mbedtls_ripemd160_ret( ripemd160_test_str[i], ripemd160_test_strlen[i], output ); if( ret != 0 ) goto fail; diff --git a/library/rsa.c b/library/rsa.c index ab0bd678d..1909744a7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2259,7 +2259,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " PKCS#1 data sign : " ); - if( mbedtls_sha1_ext( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) + if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); diff --git a/library/sha1.c b/library/sha1.c index 8d3895035..8432eba8b 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -97,7 +97,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ext( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -275,7 +275,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /* * SHA-1 process buffer */ -int mbedtls_sha1_update_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { @@ -333,7 +333,7 @@ static const unsigned char sha1_padding[64] = /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, +int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, unsigned char output[20] ) { int ret; @@ -351,9 +351,9 @@ int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if( ( ret = mbedtls_sha1_update_ext( ctx, sha1_padding, padn ) ) != 0 ) + if( ( ret = mbedtls_sha1_update_ret( ctx, sha1_padding, padn ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_sha1_update_ext( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_sha1_update_ret( ctx, msglen, 8 ) ) != 0 ) return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); @@ -370,7 +370,7 @@ int mbedtls_sha1_finish_ext( mbedtls_sha1_context *ctx, /* * output = SHA-1( input buffer ) */ -int mbedtls_sha1_ext( const unsigned char *input, +int mbedtls_sha1_ret( const unsigned char *input, size_t ilen, unsigned char output[20] ) { @@ -379,13 +379,13 @@ int mbedtls_sha1_ext( const unsigned char *input, mbedtls_sha1_init( &ctx ); - if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -440,7 +440,7 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - if( ( ret = mbedtls_sha1_starts_ext( &ctx ) ) != 0 ) + if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) goto fail; if( i == 2 ) @@ -449,20 +449,20 @@ int mbedtls_sha1_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - ret = mbedtls_sha1_update_ext( &ctx, buf, buflen ); + ret = mbedtls_sha1_update_ret( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } } else { - ret = mbedtls_sha1_update_ext( &ctx, sha1_test_buf[i], + ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i], sha1_test_buflen[i] ); if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha1_finish_ext( &ctx, sha1sum ) ) != 0 ) + if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 ) goto fail; if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) diff --git a/library/sha256.c b/library/sha256.c index b76569792..abcd64d13 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -100,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -243,7 +243,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, /* * SHA-256 process buffer */ -int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, +int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { @@ -301,7 +301,7 @@ static const unsigned char sha256_padding[64] = /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, +int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, unsigned char output[32] ) { int ret; @@ -319,10 +319,10 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 ) + if( ( ret = mbedtls_sha256_update_ret( ctx, sha256_padding, padn ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_sha256_update_ret( ctx, msglen, 8 ) ) != 0 ) return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); @@ -344,7 +344,7 @@ int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, /* * output = SHA-256( input buffer ) */ -int mbedtls_sha256_ext( const unsigned char *input, +int mbedtls_sha256_ret( const unsigned char *input, size_t ilen, unsigned char output[32], int is224 ) @@ -354,13 +354,13 @@ int mbedtls_sha256_ext( const unsigned char *input, mbedtls_sha256_init( &ctx ); - if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -449,7 +449,7 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - if( ( ret = mbedtls_sha256_starts_ext( &ctx, k ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) @@ -458,7 +458,7 @@ int mbedtls_sha256_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - ret = mbedtls_sha256_update_ext( &ctx, buf, buflen ); + ret = mbedtls_sha256_update_ret( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } @@ -466,13 +466,13 @@ int mbedtls_sha256_self_test( int verbose ) } else { - ret = mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], + ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j], sha256_test_buflen[j] ); if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha256_finish_ext( &ctx, sha256sum ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 ) goto fail; diff --git a/library/sha512.c b/library/sha512.c index d0faba941..c99b6da95 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -114,7 +114,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -int mbedtls_sha512_starts_ext( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -274,7 +274,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /* * SHA-512 process buffer */ -int mbedtls_sha512_update_ext( mbedtls_sha512_context *ctx, +int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ) { @@ -335,7 +335,7 @@ static const unsigned char sha512_padding[128] = /* * SHA-512 final digest */ -int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, +int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, unsigned char output[64] ) { int ret; @@ -353,10 +353,10 @@ int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, last = (size_t)( ctx->total[0] & 0x7F ); padn = ( last < 112 ) ? ( 112 - last ) : ( 240 - last ); - if( ( ret = mbedtls_sha512_update_ext( ctx, sha512_padding, padn ) ) != 0 ) + if( ( ret = mbedtls_sha512_update_ret( ctx, sha512_padding, padn ) ) != 0 ) return( ret ); - if( ( ret = mbedtls_sha512_update_ext( ctx, msglen, 16 ) ) != 0 ) + if( ( ret = mbedtls_sha512_update_ret( ctx, msglen, 16 ) ) != 0 ) return( ret ); PUT_UINT64_BE( ctx->state[0], output, 0 ); @@ -380,7 +380,7 @@ int mbedtls_sha512_finish_ext( mbedtls_sha512_context *ctx, /* * output = SHA-512( input buffer ) */ -int mbedtls_sha512_ext( const unsigned char *input, +int mbedtls_sha512_ret( const unsigned char *input, size_t ilen, unsigned char output[64], int is384 ) @@ -390,13 +390,13 @@ int mbedtls_sha512_ext( const unsigned char *input, mbedtls_sha512_init( &ctx ); - if( ( ret = mbedtls_sha512_starts_ext( &ctx, is384 ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_update_ext( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_finish_ext( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 ) goto exit; exit: @@ -505,7 +505,7 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - if( ( ret = mbedtls_sha512_starts_ext( &ctx, k ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) @@ -514,20 +514,20 @@ int mbedtls_sha512_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - ret = mbedtls_sha512_update_ext( &ctx, buf, buflen ); + ret = mbedtls_sha512_update_ret( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } } else { - ret = mbedtls_sha512_update_ext( &ctx, sha512_test_buf[j], + ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j], sha512_test_buflen[j] ); if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha512_finish_ext( &ctx, sha512sum ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 ) goto fail; if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7bee4e8f5..4f9a084b8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -244,24 +244,24 @@ static int ssl3_prf( const unsigned char *secret, size_t slen, { memset( padding, (unsigned char) ('A' + i), 1 + i ); - if( ( ret = mbedtls_sha1_starts_ext( &sha1 ) ) != 0 ) + if( ( ret = mbedtls_sha1_starts_ret( &sha1 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_update_ext( &sha1, padding, 1 + i ) ) != 0 ) + if( ( ret = mbedtls_sha1_update_ret( &sha1, padding, 1 + i ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_update_ext( &sha1, secret, slen ) ) != 0 ) + if( ( ret = mbedtls_sha1_update_ret( &sha1, secret, slen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_update_ext( &sha1, random, rlen ) ) != 0 ) + if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_finish_ext( &sha1, sha1sum ) ) != 0 ) + if( ( ret = mbedtls_sha1_finish_ret( &sha1, sha1sum ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_starts_ext( &md5 ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &md5 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5, secret, slen ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5, secret, slen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ext( &md5, sha1sum, 20 ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &md5, sha1sum, 20 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ext( &md5, dstbuf + i * 16 ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &md5, dstbuf + i * 16 ) ) != 0 ) goto exit; } @@ -989,25 +989,25 @@ void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] ) memset( pad_1, 0x36, 48 ); memset( pad_2, 0x5C, 48 ); - mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update_ext( &md5, pad_1, 48 ); - mbedtls_md5_finish_ext( &md5, hash ); + mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); + mbedtls_md5_update_ret( &md5, pad_1, 48 ); + mbedtls_md5_finish_ret( &md5, hash ); - mbedtls_md5_starts_ext( &md5 ); - mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 ); - mbedtls_md5_update_ext( &md5, pad_2, 48 ); - mbedtls_md5_update_ext( &md5, hash, 16 ); - mbedtls_md5_finish_ext( &md5, hash ); + mbedtls_md5_starts_ret( &md5 ); + mbedtls_md5_update_ret( &md5, ssl->session_negotiate->master, 48 ); + mbedtls_md5_update_ret( &md5, pad_2, 48 ); + mbedtls_md5_update_ret( &md5, hash, 16 ); + mbedtls_md5_finish_ret( &md5, hash ); - mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update_ext( &sha1, pad_1, 40 ); - mbedtls_sha1_finish_ext( &sha1, hash + 16 ); + mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); + mbedtls_sha1_update_ret( &sha1, pad_1, 40 ); + mbedtls_sha1_finish_ret( &sha1, hash + 16 ); - mbedtls_sha1_starts_ext( &sha1 ); - mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 ); - mbedtls_sha1_update_ext( &sha1, pad_2, 40 ); - mbedtls_sha1_update_ext( &sha1, hash + 16, 20 ); - mbedtls_sha1_finish_ext( &sha1, hash + 16 ); + mbedtls_sha1_starts_ret( &sha1 ); + mbedtls_sha1_update_ret( &sha1, ssl->session_negotiate->master, 48 ); + mbedtls_sha1_update_ret( &sha1, pad_2, 40 ); + mbedtls_sha1_update_ret( &sha1, hash + 16, 20 ); + mbedtls_sha1_finish_ret( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1033,8 +1033,8 @@ void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] ) mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 ); mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 ); - mbedtls_md5_finish_ext( &md5, hash ); - mbedtls_sha1_finish_ext( &sha1, hash + 16 ); + mbedtls_md5_finish_ret( &md5, hash ); + mbedtls_sha1_finish_ret( &sha1, hash + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1057,7 +1057,7 @@ void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish_ext( &sha256, hash ); + mbedtls_sha256_finish_ret( &sha256, hash ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -1078,7 +1078,7 @@ void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48 MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish_ext( &sha512, hash ); + mbedtls_sha512_finish_ret( &sha512, hash ); MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) ); @@ -4854,15 +4854,15 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_starts_ext( &ssl->handshake->fin_md5 ); - mbedtls_sha1_starts_ext( &ssl->handshake->fin_sha1 ); + mbedtls_md5_starts_ret( &ssl->handshake->fin_md5 ); + mbedtls_sha1_starts_ret( &ssl->handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_starts_ext( &ssl->handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_starts_ext( &ssl->handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -4872,15 +4872,15 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, { #if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) - mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ } @@ -4890,8 +4890,8 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len ); - mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len ); + mbedtls_md5_update_ret( &ssl->handshake->fin_md5 , buf, len ); + mbedtls_sha1_update_ret( &ssl->handshake->fin_sha1, buf, len ); } #endif @@ -4900,7 +4900,7 @@ static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); } #endif @@ -4908,7 +4908,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len ) { - mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); } #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -4961,29 +4961,29 @@ static void ssl_calc_finished_ssl( memset( padbuf, 0x36, 48 ); - mbedtls_md5_update_ext( &md5, (const unsigned char *) sender, 4 ); - mbedtls_md5_update_ext( &md5, session->master, 48 ); - mbedtls_md5_update_ext( &md5, padbuf, 48 ); - mbedtls_md5_finish_ext( &md5, md5sum ); + mbedtls_md5_update_ret( &md5, (const unsigned char *) sender, 4 ); + mbedtls_md5_update_ret( &md5, session->master, 48 ); + mbedtls_md5_update_ret( &md5, padbuf, 48 ); + mbedtls_md5_finish_ret( &md5, md5sum ); - mbedtls_sha1_update_ext( &sha1, (const unsigned char *) sender, 4 ); - mbedtls_sha1_update_ext( &sha1, session->master, 48 ); - mbedtls_sha1_update_ext( &sha1, padbuf, 40 ); - mbedtls_sha1_finish_ext( &sha1, sha1sum ); + mbedtls_sha1_update_ret( &sha1, (const unsigned char *) sender, 4 ); + mbedtls_sha1_update_ret( &sha1, session->master, 48 ); + mbedtls_sha1_update_ret( &sha1, padbuf, 40 ); + mbedtls_sha1_finish_ret( &sha1, sha1sum ); memset( padbuf, 0x5C, 48 ); - mbedtls_md5_starts_ext( &md5 ); - mbedtls_md5_update_ext( &md5, session->master, 48 ); - mbedtls_md5_update_ext( &md5, padbuf, 48 ); - mbedtls_md5_update_ext( &md5, md5sum, 16 ); - mbedtls_md5_finish_ext( &md5, buf ); + mbedtls_md5_starts_ret( &md5 ); + mbedtls_md5_update_ret( &md5, session->master, 48 ); + mbedtls_md5_update_ret( &md5, padbuf, 48 ); + mbedtls_md5_update_ret( &md5, md5sum, 16 ); + mbedtls_md5_finish_ret( &md5, buf ); - mbedtls_sha1_starts_ext( &sha1 ); - mbedtls_sha1_update_ext( &sha1, session->master, 48 ); - mbedtls_sha1_update_ext( &sha1, padbuf , 40 ); - mbedtls_sha1_update_ext( &sha1, sha1sum, 20 ); - mbedtls_sha1_finish_ext( &sha1, buf + 16 ); + mbedtls_sha1_starts_ret( &sha1 ); + mbedtls_sha1_update_ret( &sha1, session->master, 48 ); + mbedtls_sha1_update_ret( &sha1, padbuf , 40 ); + mbedtls_sha1_update_ret( &sha1, sha1sum, 20 ); + mbedtls_sha1_finish_ret( &sha1, buf + 16 ); MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 ); @@ -5040,8 +5040,8 @@ static void ssl_calc_finished_tls( ? "client finished" : "server finished"; - mbedtls_md5_finish_ext( &md5, padbuf ); - mbedtls_sha1_finish_ext( &sha1, padbuf + 16 ); + mbedtls_md5_finish_ret( &md5, padbuf ); + mbedtls_sha1_finish_ret( &sha1, padbuf + 16 ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 36, buf, len ); @@ -5092,7 +5092,7 @@ static void ssl_calc_finished_tls_sha256( ? "client finished" : "server finished"; - mbedtls_sha256_finish_ext( &sha256, padbuf ); + mbedtls_sha256_finish_ret( &sha256, padbuf ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 32, buf, len ); @@ -5141,7 +5141,7 @@ static void ssl_calc_finished_tls_sha384( ? "client finished" : "server finished"; - mbedtls_sha512_finish_ext( &sha512, padbuf ); + mbedtls_sha512_finish_ret( &sha512, padbuf ); ssl->handshake->tls_prf( session->master, 48, sender, padbuf, 48, buf, len ); @@ -5455,17 +5455,17 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) defined(MBEDTLS_SSL_PROTO_TLS1_1) mbedtls_md5_init( &handshake->fin_md5 ); mbedtls_sha1_init( &handshake->fin_sha1 ); - mbedtls_md5_starts_ext( &handshake->fin_md5 ); - mbedtls_sha1_starts_ext( &handshake->fin_sha1 ); + mbedtls_md5_starts_ret( &handshake->fin_md5 ); + mbedtls_sha1_starts_ret( &handshake->fin_sha1 ); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) #if defined(MBEDTLS_SHA256_C) mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts_ext( &handshake->fin_sha256, 0 ); + mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); #endif #if defined(MBEDTLS_SHA512_C) mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts_ext( &handshake->fin_sha512, 1 ); + mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -8095,49 +8095,49 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl, * SHA(ClientHello.random + ServerHello.random * + ServerParams); */ - if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 ) + if( ( ret = mbedtls_md5_starts_ret( &mbedtls_md5 ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_starts_ret", ret ); goto exit; } - if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5, + if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, ssl->handshake->randbytes, 64 ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); goto exit; } - if( ( ret = mbedtls_md5_update_ext( &mbedtls_md5, data, data_len ) ) != 0 ) + if( ( ret = mbedtls_md5_update_ret( &mbedtls_md5, data, data_len ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_update_ret", ret ); goto exit; } - if( ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, output ) ) != 0 ) + if( ( ret = mbedtls_md5_finish_ret( &mbedtls_md5, output ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_finish_ret", ret ); goto exit; } - if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 ) + if( ( ret = mbedtls_sha1_starts_ret( &mbedtls_sha1 ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_starts_ret", ret ); goto exit; } - if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, + if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, ssl->handshake->randbytes, 64 ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); goto exit; } - if( ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, data, + if( ( ret = mbedtls_sha1_update_ret( &mbedtls_sha1, data, data_len ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_update_ret", ret ); goto exit; } - if( ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1, + if( ( ret = mbedtls_sha1_finish_ret( &mbedtls_sha1, output + 16 ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ext", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_finish_ret", ret ); goto exit; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 3ec55a5ac..41dfe87b7 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -177,7 +177,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); - ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, + ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); if( ret != 0 ) return( ret ); @@ -202,7 +202,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - ret = mbedtls_sha1_ext( buf + sizeof( buf ) - len, len, + ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); if( ret != 0 ) return( ret ); diff --git a/programs/hash/hello.c b/programs/hash/hello.c index a0c08c734..2e8c2244d 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -54,7 +54,7 @@ int main( void ) mbedtls_printf( "\n MD5('%s') = ", str ); - if( ( ret = mbedtls_md5_ext( (unsigned char *) str, 13, digest ) ) != 0 ) + if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 ) return( MBEDTLS_EXIT_FAILURE ); for( i = 0; i < 16; i++ ) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 21c4a815f..0978408c1 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -212,9 +212,9 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_sha1_ext( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) + if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index f1d3be363..4d8632bf9 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -217,9 +217,9 @@ int main( void ) /* * 5. Sign the parameters and send them */ - if( ( ret = mbedtls_sha1_ext( buf, n, hash ) ) != 0 ) + if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_sha1_ext returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); goto exit; } diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index ecb6c2230..b47406010 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -163,9 +163,9 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Computing message hash..." ); fflush( stdout ); - if( ( ret = mbedtls_sha256_ext( message, sizeof( message ), hash, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_sha256_ext returned %d\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret ); goto exit; } diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 539d9adda..419557de5 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -327,32 +327,32 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MD4_C) if( todo.md4 ) - TIME_AND_TSC( "MD4", mbedtls_md4_ext( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_MD5_C) if( todo.md5 ) - TIME_AND_TSC( "MD5", mbedtls_md5_ext( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) if( todo.ripemd160 ) - TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ext( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA1_C) if( todo.sha1 ) - TIME_AND_TSC( "SHA-1", mbedtls_sha1_ext( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA256_C) if( todo.sha256 ) - TIME_AND_TSC( "SHA-256", mbedtls_sha256_ext( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_SHA512_C) if( todo.sha512 ) - TIME_AND_TSC( "SHA-512", mbedtls_sha512_ext( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_ARC4_C) diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 387e7eeb7..648a9cc35 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -19,7 +19,7 @@ void md2_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_md2_ext( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; hexify( hash_str, output, sizeof output ); @@ -41,7 +41,7 @@ void md4_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_md4_ext( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); @@ -63,7 +63,7 @@ void md5_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_md5_ext( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); @@ -85,7 +85,7 @@ void ripemd160_text( char *text_src_string, char *hex_hash_string ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_ripemd160_ext( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); hexify( hash_str, output, sizeof output ); diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index b6f8f510c..d704b388b 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -18,7 +18,7 @@ void mbedtls_sha1( char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_sha1_ext( src_str, src_len, output ) == 0 ); + TEST_ASSERT( mbedtls_sha1_ret( src_str, src_len, output ) == 0 ); hexify( hash_str, output, 20 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -39,7 +39,7 @@ void sha224(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 1 ) == 0 ); + TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 1 ) == 0 ); hexify( hash_str, output, 28 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -60,7 +60,7 @@ void mbedtls_sha256(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_sha256_ext( src_str, src_len, output, 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha256_ret( src_str, src_len, output, 0 ) == 0 ); hexify( hash_str, output, 32 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -81,7 +81,7 @@ void sha384(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 1 ) == 0 ); + TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 1 ) == 0 ); hexify( hash_str, output, 48 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); @@ -102,7 +102,7 @@ void mbedtls_sha512(char *hex_src_string, char *hex_hash_string ) src_len = unhexify( src_str, hex_src_string ); - TEST_ASSERT( mbedtls_sha512_ext( src_str, src_len, output, 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha512_ret( src_str, src_len, output, 0 ) == 0 ); hexify( hash_str, output, 64 ); TEST_ASSERT( strcmp( (char *) hash_str, hex_hash_string ) == 0 ); From 3e28d70813542d32ff398cd9ce608086df95826b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 12:18:59 +0100 Subject: [PATCH 39/43] New MD API: update version number in deprecation statements --- include/mbedtls/md2.h | 10 +++++----- include/mbedtls/md4.h | 10 +++++----- include/mbedtls/md5.h | 10 +++++----- include/mbedtls/ripemd160.h | 10 +++++----- include/mbedtls/sha1.h | 10 +++++----- include/mbedtls/sha256.h | 10 +++++----- include/mbedtls/sha512.h | 10 +++++----- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 0df6b36f4..925c69dde 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -130,7 +130,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); /** * \brief MD2 context setup * - * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -143,7 +143,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_starts( /** * \brief MD2 process buffer * - * \deprecated Superseded by mbedtls_md2_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_update_ret() in 2.7.0 * * \param ctx MD2 context * \param input buffer holding the data @@ -160,7 +160,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_update( /** * \brief MD2 final digest * - * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_finish_ret() in 2.7.0 * * \param ctx MD2 context * \param output MD2 checksum result @@ -175,7 +175,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md2_finish( /** * \brief MD2 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_md2_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md2_process() in 2.7.0 * * \param ctx MD2 context */ @@ -220,7 +220,7 @@ int mbedtls_md2_ret( const unsigned char *input, /** * \brief Output = MD2( input buffer ) * - * \deprecated Superseded by mbedtls_md2_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md2_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index acd09bd61..f9341a856 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -132,7 +132,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /** * \brief MD4 context setup * - * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -145,7 +145,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_starts( /** * \brief MD4 process buffer * - * \deprecated Superseded by mbedtls_md4_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_update_ret() in 2.7.0 * * \param ctx MD4 context * \param input buffer holding the data @@ -162,7 +162,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_update( /** * \brief MD4 final digest * - * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_finish_ret() in 2.7.0 * * \param ctx MD4 context * \param output MD4 checksum result @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md4_finish( /** * \brief MD4 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_md4_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md4_process() in 2.7.0 * * \param ctx MD4 context * \param data buffer holding one block of data @@ -226,7 +226,7 @@ int mbedtls_md4_ret( const unsigned char *input, /** * \brief Output = MD4( input buffer ) * - * \deprecated Superseded by mbedtls_md4_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md4_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 18db8b734..4f8c92197 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -127,7 +127,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /** * \brief MD5 context setup * - * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -140,7 +140,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_starts( /** * \brief MD5 process buffer * - * \deprecated Superseded by mbedtls_md5_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_update_ret() in 2.7.0 * * \param ctx MD5 context * \param input buffer holding the data @@ -157,7 +157,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_update( /** * \brief MD5 final digest * - * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_finish_ret() in 2.7.0 * * \param ctx MD5 context * \param output MD5 checksum result @@ -172,7 +172,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_md5_finish( /** * \brief MD5 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_md5_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_md5_process() in 2.7.0 * * \param ctx MD5 context * \param data buffer holding one block of data @@ -221,7 +221,7 @@ int mbedtls_md5_ret( const unsigned char *input, /** * \brief Output = MD5( input buffer ) * - * \deprecated Superseded by mbedtls_md5_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_md5_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index ea679810e..ad548d302 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -132,7 +132,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /** * \brief RIPEMD-160 context setup * - * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -145,7 +145,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_starts( /** * \brief RIPEMD-160 process buffer * - * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_update_ret() in 2.7.0 * * \param ctx RIPEMD-160 context * \param input buffer holding the data @@ -162,7 +162,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_update( /** * \brief RIPEMD-160 final digest * - * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0 * * \param ctx RIPEMD-160 context * \param output RIPEMD-160 checksum result @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_finish( /** * \brief RIPEMD-160 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_ripemd160_process() in 2.7.0 * * \param ctx RIPEMD-160 context * \param data buffer holding one block of data @@ -226,7 +226,7 @@ int mbedtls_ripemd160_ret( const unsigned char *input, /** * \brief Output = RIPEMD-160( input buffer ) * - * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_ripemd160_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 57bfea4e6..03c474bc6 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -132,7 +132,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /** * \brief SHA-1 context setup * - * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_starts_ret() in 2.7.0 * * \param ctx context to be initialized */ @@ -145,7 +145,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_starts( /** * \brief SHA-1 process buffer * - * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_update_ret() in 2.7.0 * * \param ctx SHA-1 context * \param input buffer holding the data @@ -162,7 +162,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_update( /** * \brief SHA-1 final digest * - * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_finish_ret() in 2.7.0 * * \param ctx SHA-1 context * \param output SHA-1 checksum result @@ -177,7 +177,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha1_finish( /** * \brief SHA-1 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha1_process() in 2.7.0 * * \param ctx SHA-1 context * \param data buffer holding one block of data @@ -226,7 +226,7 @@ int mbedtls_sha1_ret( const unsigned char *input, /** * \brief Output = SHA-1( input buffer ) * - * \deprecated Superseded by mbedtls_sha1_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha1_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index be5ef794f..9c52f781c 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -134,7 +134,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, /** * \brief SHA-256 context setup * - * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_starts_ret() in 2.7.0 * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 @@ -149,7 +149,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( /** * \brief SHA-256 process buffer * - * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_update_ret() in 2.7.0 * * \param ctx SHA-256 context * \param input buffer holding the data @@ -166,7 +166,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( /** * \brief SHA-256 final digest * - * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_finish_ret() in 2.7.0 * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( /** * \brief SHA-256 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha256_process() in 2.7.0 * * \param ctx SHA-256 context * \param data buffer holding one block of data @@ -232,7 +232,7 @@ int mbedtls_sha256_ret( const unsigned char *input, /** * \brief Output = SHA-256( input buffer ) * - * \deprecated Superseded by mbedtls_sha256_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha256_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 0fadb4c3b..7e2fcc592 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -134,7 +134,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /** * \brief SHA-512 context setup * - * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_starts_ret() in 2.7.0 * * \param ctx context to be initialized * \param is384 0 = use SHA512, 1 = use SHA384 @@ -149,7 +149,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_starts( /** * \brief SHA-512 process buffer * - * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_update_ret() in 2.7.0 * * \param ctx SHA-512 context * \param input buffer holding the data @@ -166,7 +166,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_update( /** * \brief SHA-512 final digest * - * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_finish_ret() in 2.7.0 * * \param ctx SHA-512 context * \param output SHA-384/512 checksum result @@ -181,7 +181,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_sha512_finish( /** * \brief SHA-512 process data block (internal use only) * - * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.5.0 + * \deprecated Superseded by mbedtls_internal_sha512_process() in 2.7.0 * * \param ctx SHA-512 context * \param data buffer holding one block of data @@ -232,7 +232,7 @@ int mbedtls_sha512_ret( const unsigned char *input, /** * \brief Output = SHA-512( input buffer ) * - * \deprecated Superseded by mbedtls_sha512_ret() in 2.5.0 + * \deprecated Superseded by mbedtls_sha512_ret() in 2.7.0 * * \param input buffer holding the data * \param ilen length of the input data From 0a96910e5505d75a4dc32c09dc99e500063b4b44 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 22 Jan 2018 14:55:20 +0100 Subject: [PATCH 40/43] MD API deprecation: ChangeLog updates Use the updated names for the new functions (xxx_ret instead of xxx_ext). List the new deprecations in the appropriate sections. Credit the independent report of the misuse of zeroizing to reset a hash context in entropy.c. --- ChangeLog | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 31b6f98c4..e60ca14d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -40,6 +40,11 @@ New deprecations (e.g., signing with a public key). * Direct manipulation of structure fields of RSA contexts is deprecated. Users are advised to use the extended RSA API instead. + * Deprecate usage of message digest functions that return void + (mbedtls__starts, mbedtls__update, + mbedtls__finish and mbedtls__process where is + any of MD2, MD4, MD5, SHA1, SHA256, SHA512) in favor of functions + that can return an error code. API Changes * Extend RSA interface by multiple functions allowing structure- @@ -51,19 +56,14 @@ API Changes purpose or CRT and/or blinding. * The configuration option MBEDTLS_RSA_ALT can be used to define alternative implementations of the RSA interface declared in rsa.h. - * The following functions in the MD2, MD4, MD5, SHA1, SHA256 and SHA512 - modules have been deprecated and replaced as shown below. The new - functions change the return type from void to int to allow returning error - codes when using MBEDTLS__ALT. - mbedtls__starts() -> mbedtls__starts_ext() - mbedtls__update() -> mbedtls__update_ext() - mbedtls__finish() -> mbedtls__finish_ext() + * The following functions in the message digest modules (MD2, MD4, MD5, + SHA1, SHA256, SHA512) have been deprecated and replaced as shown below. + The new functions change the return type from void to int to allow + returning error codes when using MBEDTLS__ALT. + mbedtls__starts() -> mbedtls__starts_ret() + mbedtls__update() -> mbedtls__update_ret() + mbedtls__finish() -> mbedtls__finish_ret() mbedtls__process() -> mbedtls_internal__process() - The type of the function pointers in the mbedtls_md_info_t struct have - also been modified taking into account the functions return code. Every - usage of the deprecated functions was updated. Furthermore, the MD return - codes are checked for error after every usage, except in the ssl_tls.c - module. Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records @@ -118,8 +118,9 @@ Bugfix mbedtls_sha512_starts() in the mbedtls_entropy_init() function. * Fix the entropy.c module to ensure that mbedtls_sha256_init() or mbedtls_sha512_init() is called before operating on the relevant context - structure. Also, ensure that message digest contexts are freed when - calling mbedtls_entropy_free(). + structure. Do not assume that zeroizing a context is a correct way to + reset it. Found independently by ccli8 on Github. + * In mbedtls_entropy_free(), properly free the message digest context. Changes * Extend cert_write example program by options to set the CRT version @@ -132,6 +133,10 @@ Changes * Only run AES-192 self-test if AES-192 is available. Fixes #963. * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the undeclared dependency of the RSA module on the ASN.1 module. + * Update all internal usage of deprecated message digest functions to the + new ones with return codes. In particular, this modifies the + mbedtls_md_info_t structure. Propagate errors from these functions + everywhere except some locations in the ssl_tls.c module. = mbed TLS 2.6.0 branch released 2017-08-10 From 2840f945d29d164d6a882ea3a5250448acb6180c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2018 11:57:19 +0100 Subject: [PATCH 41/43] Add definition of inline in md5.h --- include/mbedtls/md5.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 4f8c92197..bbfcae158 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -36,6 +36,11 @@ // Regular implementation // +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #ifdef __cplusplus extern "C" { #endif From a381fe84ce68347631ce09d2f7a655a58f7af046 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2018 18:16:11 +0100 Subject: [PATCH 42/43] Add HW_FAILED error codes for message digest modules New error codes to report failures from alternative implementations of MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-256, SHA-512. --- include/mbedtls/error.h | 9 +++++- include/mbedtls/md2.h | 2 ++ include/mbedtls/md4.h | 2 ++ include/mbedtls/md5.h | 2 ++ include/mbedtls/ripemd160.h | 2 ++ include/mbedtls/sha1.h | 2 ++ include/mbedtls/sha256.h | 2 ++ include/mbedtls/sha512.h | 2 ++ library/error.c | 63 +++++++++++++++++++++++++++++++++++++ 9 files changed, 85 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 4eb7b78eb..16bc8dcb6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -64,8 +64,15 @@ * NET 11 0x0042-0x0052 0x0043-0x0045 * ASN1 7 0x0060-0x006C * PBKDF2 1 0x007C-0x007C - * HMAC_DRBG 4 0x0003-0x0009 + * HMAC_DRBG 4 0x0003-0x0009 * CCM 2 0x000D-0x000F + * MD2 1 0x002B-0x002B + * MD4 1 0x002D-0x002D + * MD5 1 0x002F-0x002F + * RIPEMD160 1 0x0031-0x0031 + * SHA1 1 0x0035-0x0035 + * SHA256 1 0x0037-0x0037 + * SHA512 1 0x0039-0x0039 * * High-level module nr (3 bits - 0x0...-0x7...) * Name ID Nr of Errors diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 925c69dde..1a9940bba 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -31,6 +31,8 @@ #include +#define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index f9341a856..ed203709b 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index bbfcae158..dfd704cf2 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ + #if !defined(MBEDTLS_MD5_ALT) // Regular implementation // diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index ad548d302..93a16bc40 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 03c474bc6..b879ee6aa 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 9c52f781c..e9cc0ca21 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 7e2fcc592..395f8bb61 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -32,6 +32,8 @@ #include #include +#define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline diff --git a/library/error.c b/library/error.c index 151ca4eae..9079c5cbc 100644 --- a/library/error.c +++ b/library/error.c @@ -101,6 +101,18 @@ #include "mbedtls/md.h" #endif +#if defined(MBEDTLS_MD2_C) +#include "mbedtls/md2.h" +#endif + +#if defined(MBEDTLS_MD4_C) +#include "mbedtls/md4.h" +#endif + +#if defined(MBEDTLS_MD5_C) +#include "mbedtls/md5.h" +#endif + #if defined(MBEDTLS_NET_C) #include "mbedtls/net_sockets.h" #endif @@ -129,10 +141,26 @@ #include "mbedtls/pkcs5.h" #endif +#if defined(MBEDTLS_RIPEMD160_C) +#include "mbedtls/ripemd160.h" +#endif + #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif +#if defined(MBEDTLS_SHA1_C) +#include "mbedtls/sha1.h" +#endif + +#if defined(MBEDTLS_SHA256_C) +#include "mbedtls/sha256.h" +#endif + +#if defined(MBEDTLS_SHA512_C) +#include "mbedtls/sha512.h" +#endif + #if defined(MBEDTLS_SSL_TLS_C) #include "mbedtls/ssl.h" #endif @@ -635,6 +663,21 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "HMAC_DRBG - The entropy source failed" ); #endif /* MBEDTLS_HMAC_DRBG_C */ +#if defined(MBEDTLS_MD2_C) + if( use_ret == -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "MD2 - MD2 hardware accelerator failed" ); +#endif /* MBEDTLS_MD2_C */ + +#if defined(MBEDTLS_MD4_C) + if( use_ret == -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "MD4 - MD4 hardware accelerator failed" ); +#endif /* MBEDTLS_MD4_C */ + +#if defined(MBEDTLS_MD5_C) + if( use_ret == -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "MD5 - MD5 hardware accelerator failed" ); +#endif /* MBEDTLS_MD5_C */ + #if defined(MBEDTLS_NET_C) if( use_ret == -(MBEDTLS_ERR_NET_SOCKET_FAILED) ) mbedtls_snprintf( buf, buflen, "NET - Failed to open a socket" ); @@ -672,6 +715,26 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "PADLOCK - Input data should be aligned" ); #endif /* MBEDTLS_PADLOCK_C */ +#if defined(MBEDTLS_RIPEMD160_C) + if( use_ret == -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "RIPEMD160 - RIPEMD160 hardware accelerator failed" ); +#endif /* MBEDTLS_RIPEMD160_C */ + +#if defined(MBEDTLS_SHA1_C) + if( use_ret == -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "SHA1 - SHA-1 hardware accelerator failed" ); +#endif /* MBEDTLS_SHA1_C */ + +#if defined(MBEDTLS_SHA256_C) + if( use_ret == -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "SHA256 - SHA-256 hardware accelerator failed" ); +#endif /* MBEDTLS_SHA256_C */ + +#if defined(MBEDTLS_SHA512_C) + if( use_ret == -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "SHA512 - SHA-512 hardware accelerator failed" ); +#endif /* MBEDTLS_SHA512_C */ + #if defined(MBEDTLS_THREADING_C) if( use_ret == -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "THREADING - The selected feature is not available" ); From 342d928e8dda9fc307d685dcbc6b9342a49e805b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 23 Jan 2018 18:21:21 +0100 Subject: [PATCH 43/43] Fix proprocessor directives for MBEDTLS_RIPEMD160_ALT --- include/mbedtls/ripemd160.h | 2 +- library/ripemd160.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 93a16bc40..3921e6695 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -199,7 +199,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_ripemd160_process( #endif #else /* MBEDTLS_RIPEMD160_ALT */ -#include "ripemd160.h" +#include "ripemd160_alt.h" #endif /* MBEDTLS_RIPEMD160_ALT */ #ifdef __cplusplus diff --git a/library/ripemd160.c b/library/ripemd160.c index 260fee686..b85b117c6 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -46,6 +46,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST */ +#if !defined(MBEDTLS_RIPEMD160_ALT) + /* * 32-bit integer manipulation macros (little endian) */ @@ -393,6 +395,8 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, return( 0 ); } +#endif /* ! MBEDTLS_RIPEMD160_ALT */ + /* * output = RIPEMD-160( input buffer ) */