cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 20:22:59 -05:00
Code Issues Packages Projects Releases Wiki Activity

Check errors from the MD layer

Browse Source 
Could be out-of-memory for some functions, accelerator issues for others.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
Manuel Pégourié-Gonnard 2020-07-22 10:48:47 +02:00
parent 9713e13e68
commit 44c9fdde6e
1 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
library/ssl_msg.c
View File

@ -1147,39 +1147,51 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac(
unsigned char aux_out[MBEDTLS_MD_MAX_SIZE]; unsigned char aux_out[MBEDTLS_MD_MAX_SIZE];
mbedtls_md_context_t aux; mbedtls_md_context_t aux;
size_t offset; size_t offset;
int ret;
mbedtls_md_init( &aux ); mbedtls_md_init( &aux );
mbedtls_md_setup( &aux, ctx->md_info, 0 );
#define MD_CHK( func_call ) \
do { \
ret = (func_call); \
if( ret != 0 ) \
goto cleanup; \
} while( 0 )
MD_CHK( mbedtls_md_setup( &aux, ctx->md_info, 0 ) );
/* After hmac_start() of hmac_reset(), ikey has already been hashed, /* After hmac_start() of hmac_reset(), ikey has already been hashed,
* so we can start directly with the message */ * so we can start directly with the message */
mbedtls_md_update( ctx, add_data, add_data_len ); MD_CHK( mbedtls_md_update( ctx, add_data, add_data_len ) );
mbedtls_md_update( ctx, data, min_data_len ); MD_CHK( mbedtls_md_update( ctx, data, min_data_len ) );
/* For each possible length, compute the hash up to that point */ /* For each possible length, compute the hash up to that point */
for( offset = min_data_len; offset <= max_data_len; offset++ ) for( offset = min_data_len; offset <= max_data_len; offset++ )
{ {
mbedtls_md_clone( &aux, ctx ); MD_CHK( mbedtls_md_clone( &aux, ctx ) );
mbedtls_md_finish( &aux, aux_out ); MD_CHK( mbedtls_md_finish( &aux, aux_out ) );
/* Keep only the correct inner_hash in the output buffer */ /* Keep only the correct inner_hash in the output buffer */
mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size, mbedtls_ssl_cf_memcpy_if_eq( output, aux_out, hash_size,
offset, data_len_secret ); offset, data_len_secret );
if( offset < max_data_len ) if( offset < max_data_len )
mbedtls_md_update( ctx, data + offset, 1 ); MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) );
} }
/* Now compute HASH(okey + inner_hash) */ /* Now compute HASH(okey + inner_hash) */
mbedtls_md_starts( ctx ); MD_CHK( mbedtls_md_starts( ctx ) );
mbedtls_md_update( ctx, okey, block_size ); MD_CHK( mbedtls_md_update( ctx, okey, block_size ) );
mbedtls_md_update( ctx, output, hash_size ); MD_CHK( mbedtls_md_update( ctx, output, hash_size ) );
mbedtls_md_finish( ctx, output ); MD_CHK( mbedtls_md_finish( ctx, output ) );
/* Done, get ready for next time */ /* Done, get ready for next time */
mbedtls_md_hmac_reset( ctx ); MD_CHK( mbedtls_md_hmac_reset( ctx ) );
#undef MD_CHK
cleanup:
mbedtls_md_free( &aux ); mbedtls_md_free( &aux );
return( 0 ); return( ret );
} }
#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */ #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */