X.509: use PSA for hashing under USE_PSA_CRYPTO
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.
Signed-off-by: pespacek <peter.spacek@silabs.com>
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c865444..b7eb617 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -47,7 +47,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#endif
+#include "psa/crypto_values.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
@@ -2336,8 +2337,14 @@
const mbedtls_x509_crt_profile *profile )
{
int flags = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+ psa_algorithm_t psa_algorithm;
+#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+ size_t hash_length;
if( ca == NULL )
return( flags );
@@ -2370,8 +2377,21 @@
if( x509_profile_check_pk_alg( profile, crl_list->sig_pk ) != 0 )
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ psa_algorithm = mbedtls_psa_translate_md( crl_list->sig_md );
+ if(psa_hash_compute( psa_algorithm,
+ crl_list->tbs.p,
+ crl_list->tbs.len,
+ hash,PSA_HASH_MAX_SIZE,
+ &hash_length ) != PSA_SUCCESS )
+#else
md_info = mbedtls_md_info_from_type( crl_list->sig_md );
- if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
+ hash_length = mbedtls_md_get_size( md_info );
+ if( mbedtls_md( md_info,
+ crl_list->tbs.p,
+ crl_list->tbs.len,
+ hash ) != 0 )
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
{
/* Note: this can't happen except after an internal error */
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@@ -2382,7 +2402,7 @@
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
if( mbedtls_pk_verify_ext( crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
- crl_list->sig_md, hash, mbedtls_md_get_size( md_info ),
+ crl_list->sig_md, hash, hash_length,
crl_list->sig.p, crl_list->sig.len ) != 0 )
{
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@@ -2421,9 +2441,9 @@
mbedtls_x509_crt *parent,
mbedtls_x509_crt_restart_ctx *rs_ctx )
{
- unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t hash_len;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type( child->sig_md );
hash_len = mbedtls_md_get_size( md_info );
@@ -2432,23 +2452,21 @@
if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
return( -1 );
#else
- psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
+ unsigned char hash[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = mbedtls_psa_translate_md( child->sig_md );
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- if( psa_hash_setup( &hash_operation, hash_alg ) != PSA_SUCCESS )
- return( -1 );
-
- if( psa_hash_update( &hash_operation, child->tbs.p, child->tbs.len )
- != PSA_SUCCESS )
+ status = psa_hash_compute( hash_alg,
+ child->tbs.p,
+ child->tbs.len,
+ hash,
+ PSA_HASH_MAX_SIZE,
+ &hash_len );
+ if( status != PSA_SUCCESS )
{
- return( -1 );
+ return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
- if( psa_hash_finish( &hash_operation, hash, sizeof( hash ), &hash_len )
- != PSA_SUCCESS )
- {
- return( -1 );
- }
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Skip expensive computation on obvious mismatch */
if( ! mbedtls_pk_can_do( &parent->pk, child->sig_pk ) )