commit 133690cceff604a5836e271fb0a5e8055a1884d7
author Jerry Yu <jerry.h.yu@arm.com> Mon Oct 25 14:01:13 2021 +0800
committer Jerry Yu <jerry.h.yu@arm.com> Fri Oct 29 19:57:55 2021 +0800
tree 301f1c52d7c06b6ac40e7f69b16f80593ce9d25e
parent 26c2d118027ec9a930ffb83da860c2b129fa32ea

Refactor hash computation

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index db99d9d..24275e5 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -432,51 +432,21 @@
 #if defined(MBEDTLS_SHA256_C)
         case MBEDTLS_MD_SHA256:
             verify_hash_len = 32;
-            if( ( ret = mbedtls_sha256( verify_buffer,
-                                        verify_buffer_len,
-                                        verify_hash,
-                                        0 ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha256", ret );
-                MBEDTLS_SSL_PEND_FATAL_ALERT(
-                    MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
-                    MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-                return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-            }
+            ret = mbedtls_sha256( verify_buffer, verify_buffer_len, verify_hash, 0 );
             break;
 #endif /* MBEDTLS_SHA256_C */
 
 #if defined(MBEDTLS_SHA384_C)
         case MBEDTLS_MD_SHA384:
             verify_hash_len = 48;
-            if( ( ret = mbedtls_sha512( verify_buffer,
-                                        verify_buffer_len,
-                                        verify_hash,
-                                        1 ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha384", ret );
-                MBEDTLS_SSL_PEND_FATAL_ALERT(
-                    MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
-                    MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-                return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-            }
+            ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 1 );
             break;
 #endif /* MBEDTLS_SHA384_C */
 
 #if defined(MBEDTLS_SHA512_C)
         case MBEDTLS_MD_SHA512:
             verify_hash_len = 64;
-            if( ( ret = mbedtls_sha512( verify_buffer,
-                                        verify_buffer_len,
-                                        verify_hash,
-                                        0 ) ) != 0 )
-            {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha512", ret );
-                MBEDTLS_SSL_PEND_FATAL_ALERT(
-                    MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
-                    MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-                return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
-            }
+            ret = mbedtls_sha512( verify_buffer, verify_buffer_len, verify_hash, 0 );
             break;
 #endif /* MBEDTLS_SHA512_C */
 
@@ -488,6 +458,15 @@
         return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
     }
 
+    if( ret != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_RET( 1, "hash computation error", ret );
+        MBEDTLS_SSL_PEND_FATAL_ALERT(
+                        MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT,
+                        MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+        return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+    }
+
     MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
 
     if( ( ret = mbedtls_pk_verify_ext( sig_alg, NULL,