Change ssl_tls to use new MD API and check ret code
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 661ae70..b04917d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -221,6 +221,7 @@
const unsigned char *random, size_t rlen,
unsigned char *dstbuf, size_t dlen )
{
+ int ret;
size_t i;
mbedtls_md5_context md5;
mbedtls_sha1_context sha1;
@@ -243,25 +244,35 @@
{
memset( padding, (unsigned char) ('A' + i), 1 + i );
- mbedtls_sha1_starts( &sha1 );
- mbedtls_sha1_update( &sha1, padding, 1 + i );
- mbedtls_sha1_update( &sha1, secret, slen );
- mbedtls_sha1_update( &sha1, random, rlen );
- mbedtls_sha1_finish( &sha1, sha1sum );
+ if( ( ret = mbedtls_sha1_starts_ext( &sha1 ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_sha1_update_ext( &sha1, padding, 1 + i ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_sha1_update_ext( &sha1, secret, slen ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_sha1_update_ext( &sha1, random, rlen ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_sha1_finish_ext( &sha1, sha1sum ) ) != 0 )
+ goto exit;
- mbedtls_md5_starts( &md5 );
- mbedtls_md5_update( &md5, secret, slen );
- mbedtls_md5_update( &md5, sha1sum, 20 );
- mbedtls_md5_finish( &md5, dstbuf + i * 16 );
+ if( ( ret = mbedtls_md5_starts_ext( &md5 ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md5_update_ext( &md5, secret, slen ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md5_update_ext( &md5, sha1sum, 20 ) ) != 0 )
+ goto exit;
+ if( ( ret = mbedtls_md5_finish_ext( &md5, dstbuf + i * 16 ) ) != 0 )
+ goto exit;
}
+exit:
mbedtls_md5_free( &md5 );
mbedtls_sha1_free( &sha1 );
mbedtls_zeroize( padding, sizeof( padding ) );
mbedtls_zeroize( sha1sum, sizeof( sha1sum ) );
- return( 0 );
+ return( ret );
}
#endif /* MBEDTLS_SSL_PROTO_SSL3 */
@@ -978,25 +989,25 @@
memset( pad_1, 0x36, 48 );
memset( pad_2, 0x5C, 48 );
- mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
- mbedtls_md5_update( &md5, pad_1, 48 );
- mbedtls_md5_finish( &md5, hash );
+ mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 );
+ mbedtls_md5_update_ext( &md5, pad_1, 48 );
+ mbedtls_md5_finish_ext( &md5, hash );
- mbedtls_md5_starts( &md5 );
- mbedtls_md5_update( &md5, ssl->session_negotiate->master, 48 );
- mbedtls_md5_update( &md5, pad_2, 48 );
- mbedtls_md5_update( &md5, hash, 16 );
- mbedtls_md5_finish( &md5, hash );
+ mbedtls_md5_starts_ext( &md5 );
+ mbedtls_md5_update_ext( &md5, ssl->session_negotiate->master, 48 );
+ mbedtls_md5_update_ext( &md5, pad_2, 48 );
+ mbedtls_md5_update_ext( &md5, hash, 16 );
+ mbedtls_md5_finish_ext( &md5, hash );
- mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
- mbedtls_sha1_update( &sha1, pad_1, 40 );
- mbedtls_sha1_finish( &sha1, hash + 16 );
+ mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 );
+ mbedtls_sha1_update_ext( &sha1, pad_1, 40 );
+ mbedtls_sha1_finish_ext( &sha1, hash + 16 );
- mbedtls_sha1_starts( &sha1 );
- mbedtls_sha1_update( &sha1, ssl->session_negotiate->master, 48 );
- mbedtls_sha1_update( &sha1, pad_2, 40 );
- mbedtls_sha1_update( &sha1, hash + 16, 20 );
- mbedtls_sha1_finish( &sha1, hash + 16 );
+ mbedtls_sha1_starts_ext( &sha1 );
+ mbedtls_sha1_update_ext( &sha1, ssl->session_negotiate->master, 48 );
+ mbedtls_sha1_update_ext( &sha1, pad_2, 40 );
+ mbedtls_sha1_update_ext( &sha1, hash + 16, 20 );
+ mbedtls_sha1_finish_ext( &sha1, hash + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -1022,8 +1033,8 @@
mbedtls_md5_clone( &md5, &ssl->handshake->fin_md5 );
mbedtls_sha1_clone( &sha1, &ssl->handshake->fin_sha1 );
- mbedtls_md5_finish( &md5, hash );
- mbedtls_sha1_finish( &sha1, hash + 16 );
+ mbedtls_md5_finish_ext( &md5, hash );
+ mbedtls_sha1_finish_ext( &sha1, hash + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 36 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -1046,7 +1057,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) );
mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 );
- mbedtls_sha256_finish( &sha256, hash );
+ mbedtls_sha256_finish_ext( &sha256, hash );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 32 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -1067,7 +1078,7 @@
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) );
mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 );
- mbedtls_sha512_finish( &sha512, hash );
+ mbedtls_sha512_finish_ext( &sha512, hash );
MBEDTLS_SSL_DEBUG_BUF( 3, "calculated verify result", hash, 48 );
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= calc verify" ) );
@@ -4836,15 +4847,15 @@
{
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_starts( &ssl->handshake->fin_md5 );
- mbedtls_sha1_starts( &ssl->handshake->fin_sha1 );
+ mbedtls_md5_starts_ext( &ssl->handshake->fin_md5 );
+ mbedtls_sha1_starts_ext( &ssl->handshake->fin_sha1 );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts_ext( &ssl->handshake->fin_sha256, 0 );
#endif
#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts_ext( &ssl->handshake->fin_sha512, 1 );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
@@ -4854,15 +4865,15 @@
{
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
- mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
+ mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len );
+ mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
- mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len );
#endif
#if defined(MBEDTLS_SHA512_C)
- mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
@@ -4872,8 +4883,8 @@
static void ssl_update_checksum_md5sha1( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
- mbedtls_md5_update( &ssl->handshake->fin_md5 , buf, len );
- mbedtls_sha1_update( &ssl->handshake->fin_sha1, buf, len );
+ mbedtls_md5_update_ext( &ssl->handshake->fin_md5 , buf, len );
+ mbedtls_sha1_update_ext( &ssl->handshake->fin_sha1, buf, len );
}
#endif
@@ -4882,7 +4893,7 @@
static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
- mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len );
+ mbedtls_sha256_update_ext( &ssl->handshake->fin_sha256, buf, len );
}
#endif
@@ -4890,7 +4901,7 @@
static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl,
const unsigned char *buf, size_t len )
{
- mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len );
+ mbedtls_sha512_update_ext( &ssl->handshake->fin_sha512, buf, len );
}
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
@@ -4943,29 +4954,29 @@
memset( padbuf, 0x36, 48 );
- mbedtls_md5_update( &md5, (const unsigned char *) sender, 4 );
- mbedtls_md5_update( &md5, session->master, 48 );
- mbedtls_md5_update( &md5, padbuf, 48 );
- mbedtls_md5_finish( &md5, md5sum );
+ mbedtls_md5_update_ext( &md5, (const unsigned char *) sender, 4 );
+ mbedtls_md5_update_ext( &md5, session->master, 48 );
+ mbedtls_md5_update_ext( &md5, padbuf, 48 );
+ mbedtls_md5_finish_ext( &md5, md5sum );
- mbedtls_sha1_update( &sha1, (const unsigned char *) sender, 4 );
- mbedtls_sha1_update( &sha1, session->master, 48 );
- mbedtls_sha1_update( &sha1, padbuf, 40 );
- mbedtls_sha1_finish( &sha1, sha1sum );
+ mbedtls_sha1_update_ext( &sha1, (const unsigned char *) sender, 4 );
+ mbedtls_sha1_update_ext( &sha1, session->master, 48 );
+ mbedtls_sha1_update_ext( &sha1, padbuf, 40 );
+ mbedtls_sha1_finish_ext( &sha1, sha1sum );
memset( padbuf, 0x5C, 48 );
- mbedtls_md5_starts( &md5 );
- mbedtls_md5_update( &md5, session->master, 48 );
- mbedtls_md5_update( &md5, padbuf, 48 );
- mbedtls_md5_update( &md5, md5sum, 16 );
- mbedtls_md5_finish( &md5, buf );
+ mbedtls_md5_starts_ext( &md5 );
+ mbedtls_md5_update_ext( &md5, session->master, 48 );
+ mbedtls_md5_update_ext( &md5, padbuf, 48 );
+ mbedtls_md5_update_ext( &md5, md5sum, 16 );
+ mbedtls_md5_finish_ext( &md5, buf );
- mbedtls_sha1_starts( &sha1 );
- mbedtls_sha1_update( &sha1, session->master, 48 );
- mbedtls_sha1_update( &sha1, padbuf , 40 );
- mbedtls_sha1_update( &sha1, sha1sum, 20 );
- mbedtls_sha1_finish( &sha1, buf + 16 );
+ mbedtls_sha1_starts_ext( &sha1 );
+ mbedtls_sha1_update_ext( &sha1, session->master, 48 );
+ mbedtls_sha1_update_ext( &sha1, padbuf , 40 );
+ mbedtls_sha1_update_ext( &sha1, sha1sum, 20 );
+ mbedtls_sha1_finish_ext( &sha1, buf + 16 );
MBEDTLS_SSL_DEBUG_BUF( 3, "calc finished result", buf, 36 );
@@ -5022,8 +5033,8 @@
? "client finished"
: "server finished";
- mbedtls_md5_finish( &md5, padbuf );
- mbedtls_sha1_finish( &sha1, padbuf + 16 );
+ mbedtls_md5_finish_ext( &md5, padbuf );
+ mbedtls_sha1_finish_ext( &sha1, padbuf + 16 );
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 36, buf, len );
@@ -5074,7 +5085,7 @@
? "client finished"
: "server finished";
- mbedtls_sha256_finish( &sha256, padbuf );
+ mbedtls_sha256_finish_ext( &sha256, padbuf );
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 32, buf, len );
@@ -5123,7 +5134,7 @@
? "client finished"
: "server finished";
- mbedtls_sha512_finish( &sha512, padbuf );
+ mbedtls_sha512_finish_ext( &sha512, padbuf );
ssl->handshake->tls_prf( session->master, 48, sender,
padbuf, 48, buf, len );
@@ -5437,17 +5448,17 @@
defined(MBEDTLS_SSL_PROTO_TLS1_1)
mbedtls_md5_init( &handshake->fin_md5 );
mbedtls_sha1_init( &handshake->fin_sha1 );
- mbedtls_md5_starts( &handshake->fin_md5 );
- mbedtls_sha1_starts( &handshake->fin_sha1 );
+ mbedtls_md5_starts_ext( &handshake->fin_md5 );
+ mbedtls_sha1_starts_ext( &handshake->fin_sha1 );
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
#if defined(MBEDTLS_SHA256_C)
mbedtls_sha256_init( &handshake->fin_sha256 );
- mbedtls_sha256_starts( &handshake->fin_sha256, 0 );
+ mbedtls_sha256_starts_ext( &handshake->fin_sha256, 0 );
#endif
#if defined(MBEDTLS_SHA512_C)
mbedtls_sha512_init( &handshake->fin_sha512 );
- mbedtls_sha512_starts( &handshake->fin_sha512, 1 );
+ mbedtls_sha512_starts_ext( &handshake->fin_sha512, 1 );
#endif
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */