Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
diff --git a/ChangeLog b/ChangeLog
index 9f04b62..81abd5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@
* Support for DTLS 1.0 and 1.2 (RFC 6347).
API Changes
+ * md_init_ctx() gained a new argument for optional hmac usage
* Removed individual mdX_hmac and shaX_hmac functions (use generic
md_hmac functions from md.h)
* Change md_info_t into an opaque structure (use md_get_xxx() accessors).
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 490845a..3d30bea 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -142,12 +142,14 @@
* digest-specific context (ctx->md_ctx) must be NULL. It will
* be allocated, and must be freed using md_free() later.
* \param md_info message digest to use.
+ * \param hmac non-zero if you want to use this context for hmac too,
+ * zero otherwise (saves some memory).
*
* \returns \c 0 on success, \c POLARSSL_ERR_MD_BAD_INPUT_DATA on
* parameter failure, \c POLARSSL_ERR_MD_ALLOC_FAILED if
* allocation of the digest-specific context failed.
*/
-int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
+int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac );
/**
* \brief Returns the size of the message digest output.
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 2e4b682..295da3a 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -97,7 +97,7 @@
md_init( &ctx->md_ctx );
- if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
/*
@@ -171,7 +171,7 @@
md_init( &ctx->md_ctx );
- if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 )
return( ret );
md_size = md_get_size( md_info );
diff --git a/library/md.c b/library/md.c
index cb6364e..eef9d73 100644
--- a/library/md.c
+++ b/library/md.c
@@ -199,7 +199,7 @@
polarssl_zeroize( ctx, sizeof( md_context_t ) );
}
-int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
+int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac )
{
if( md_info == NULL || ctx == NULL )
return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
@@ -209,11 +209,14 @@
if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
return( POLARSSL_ERR_MD_ALLOC_FAILED );
- ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size );
- if( ctx->hmac_ctx == NULL )
+ if( hmac != 0 )
{
- md_info->ctx_free_func( ctx->md_ctx );
- return( POLARSSL_ERR_MD_ALLOC_FAILED );
+ ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size );
+ if( ctx->hmac_ctx == NULL )
+ {
+ md_info->ctx_free_func( ctx->md_ctx );
+ return( POLARSSL_ERR_MD_ALLOC_FAILED );
+ }
}
ctx->md_info = md_info;
@@ -382,7 +385,7 @@
md_init( &ctx );
- if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &ctx, md_info, 1 ) ) != 0 )
return( ret );
md_hmac_starts( &ctx, key, keylen );
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 66b29c1..1f442e6 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -268,7 +268,7 @@
md_init( &md_ctx );
- if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &md_ctx, md_info, 0 ) ) != 0 )
return( ret );
hlen = md_get_size( md_info );
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 280453a..9cc8b7d 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -189,7 +189,7 @@
memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
- if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &md_ctx, md_info, 1 ) ) != 0 )
goto exit;
if( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
@@ -365,7 +365,7 @@
goto exit;
}
- if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
+ if( ( ret = md_init_ctx( &sha1_ctx, info_sha1, 1 ) ) != 0 )
{
ret = 1;
goto exit;
diff --git a/library/rsa.c b/library/rsa.c
index d3ab4ed..afa1c72 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -556,7 +556,7 @@
memcpy( p, input, ilen );
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ md_init_ctx( &md_ctx, md_info, 0 );
// maskedDB: Apply dbMask to DB
//
@@ -725,7 +725,7 @@
hlen = md_get_size( md_info );
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ md_init_ctx( &md_ctx, md_info, 0 );
/* Generate lHash */
md( md_info, label, label_len, lhash );
@@ -969,7 +969,7 @@
p += slen;
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ md_init_ctx( &md_ctx, md_info, 0 );
// Generate H = Hash( M' )
//
@@ -1201,7 +1201,7 @@
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx );
- md_init_ctx( &md_ctx, md_info );
+ md_init_ctx( &md_ctx, md_info, 0 );
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4fe767b..b6fe21f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2173,7 +2173,7 @@
* };
*/
if( ( ret = md_init_ctx( &ctx,
- md_info_from_type( md_alg ) ) ) != 0 )
+ md_info_from_type( md_alg ), 0 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index c2fde82..2b6bdc5 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -104,7 +104,7 @@
if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
return( ret );
- ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ) );
+ ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ), 1 );
if( ret != 0 )
return( ret );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 250f95f..49e9b5c 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3073,7 +3073,7 @@
* ServerDHParams params;
* };
*/
- if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &ctx, md_info, 0 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 2a61a51..ded226e 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -658,8 +658,8 @@
int ret;
/* Initialize HMAC contexts */
- if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 ||
- ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
+ ( ret = md_init_ctx( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index e61ba7d..e14acae 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -101,7 +101,7 @@
aes_init( &aes_ctx );
md_init( &sha_ctx );
- ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ) );
+ ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ), 1 );
if( ret != 0 )
{
polarssl_printf( " ! md_init_ctx() returned -0x%04x\n", -ret );
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index a1406b6..2a3f3cc 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -185,7 +185,7 @@
polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
goto exit;
}
- md_init_ctx( &md_ctx, md_info);
+ md_init_ctx( &md_ctx, md_info, 1 );
/*
* Read the secret key and clean the command line.
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index f2a947e..6cb9951 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -204,7 +204,7 @@
polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
return( 1 );
}
- if( md_init_ctx( &md_ctx, md_info) )
+ if( md_init_ctx( &md_ctx, md_info, 0 ) )
{
polarssl_fprintf( stderr, "Failed to initialize context.\n" );
return( 1 );
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 98dac47..c0e1d44 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -29,7 +29,7 @@
{
info = md_info_from_type( *md_type_ptr );
TEST_ASSERT( info != NULL );
- TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
+ TEST_ASSERT( md_init_ctx( &ctx, info, 0 ) == 0 );
TEST_ASSERT( md_process( &ctx, buf ) == 0 );
md_free( &ctx );
}
@@ -54,8 +54,8 @@
TEST_ASSERT( md_info_from_string( NULL ) == NULL );
- TEST_ASSERT( md_init_ctx( &ctx, NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
- TEST_ASSERT( md_init_ctx( NULL, info ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT( md_init_ctx( &ctx, NULL, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
+ TEST_ASSERT( md_init_ctx( NULL, info, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_starts( NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
TEST_ASSERT( md_starts( &ctx ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
@@ -195,7 +195,7 @@
strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
md_info = md_info_from_string(md_name);
TEST_ASSERT( md_info != NULL );
- TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
+ TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) );
TEST_ASSERT ( 0 == md_starts( &ctx ) );
TEST_ASSERT ( ctx.md_ctx != NULL );
@@ -233,7 +233,7 @@
strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
md_info = md_info_from_string(md_name);
TEST_ASSERT( md_info != NULL );
- TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
+ TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) );
src_len = unhexify( src_str, hex_src_string );
@@ -307,7 +307,7 @@
strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
md_info = md_info_from_string( md_name );
TEST_ASSERT( md_info != NULL );
- TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
+ TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 1 ) );
key_len = unhexify( key_str, hex_key_string );
src_len = unhexify( src_str, hex_src_string );
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 6074e04..4240698 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -36,7 +36,7 @@
TEST_ASSERT( info != NULL );
if( info == NULL )
return;
- TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
+ TEST_ASSERT( md_init_ctx( &ctx, info, 1 ) == 0 );
TEST_ASSERT( pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
it_cnt, key_len, key ) == 0 );