mbedtls_ssl_get_key_exchange_md_tls1_2: return hashlen

In mbedtls_ssl_get_key_exchange_md_tls1_2, add an output parameter for
the hash length. The code that calls this function can currently do
without it, but it will need the hash length in the future, when
adding support for a third-party callback to calculate the signature
of the hash.
This commit is contained in:
Gilles Peskine 2018-04-24 11:53:22 +02:00
parent 7aeb470f61
commit ca1d742904
4 changed files with 15 additions and 19 deletions

View File

@ -646,9 +646,9 @@ int mbedtls_ssl_get_key_exchange_md_ssl_tls( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *output, unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len, unsigned char *data, size_t data_len,
mbedtls_md_type_t md_alg ); mbedtls_md_type_t md_alg );
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \ #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
MBEDTLS_SSL_PROTO_TLS1_2 */ MBEDTLS_SSL_PROTO_TLS1_2 */

View File

@ -2526,10 +2526,9 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE ) if( md_alg != MBEDTLS_MD_NONE )
{ {
/* Info from md_alg will be used instead */ ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
hashlen = 0; params, params_len,
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, params, md_alg );
params_len, md_alg );
if( ret != 0 ) if( ret != 0 )
return( ret ); return( ret );
} }
@ -2541,8 +2540,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen : MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
(unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
if( ssl->session_negotiate->peer_cert == NULL ) if( ssl->session_negotiate->peer_cert == NULL )
{ {

View File

@ -3045,7 +3045,7 @@ curve_matching_done:
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{ {
size_t signature_len = 0; size_t signature_len = 0;
unsigned int hashlen = 0; size_t hashlen = 0;
unsigned char hash[64]; unsigned char hash[64];
/* /*
@ -3116,9 +3116,7 @@ curve_matching_done:
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE ) if( md_alg != MBEDTLS_MD_NONE )
{ {
/* Info from md_alg will be used instead */ ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash, &hashlen,
hashlen = 0;
ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash,
dig_signed, dig_signed,
dig_signed_len, dig_signed_len,
md_alg ); md_alg );
@ -3133,8 +3131,7 @@ curve_matching_done:
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen : MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
(unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
/* /*
* 3.3: Compute and add the signature * 3.3: Compute and add the signature

View File

@ -8310,13 +8310,14 @@ exit:
#if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \ #if defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_2) defined(MBEDTLS_SSL_PROTO_TLS1_2)
int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl, int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
unsigned char *output, unsigned char *hash, size_t *hashlen,
unsigned char *data, size_t data_len, unsigned char *data, size_t data_len,
mbedtls_md_type_t md_alg ) mbedtls_md_type_t md_alg )
{ {
int ret = 0; int ret = 0;
mbedtls_md_context_t ctx; mbedtls_md_context_t ctx;
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
mbedtls_md_init( &ctx ); mbedtls_md_init( &ctx );
@ -8347,7 +8348,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_update", ret );
goto exit; goto exit;
} }
if( ( ret = mbedtls_md_finish( &ctx, output ) ) != 0 ) if( ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
{ {
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_finish", ret );
goto exit; goto exit;