ssl_write_server_key_exchange: calculate hashlen explicitly The pk layer can infer the hash length from the hash type. Calculate it explicitly here anyway because it's needed for debugging purposes, and it's needed for the upcoming feature allowing the signature operation to be offloaded to an external cryptographic processor, as the offloading code will need to know what length hash to copy.

commit: ebd652fe2dfc2c82d774bfd334398279d9027492 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri Jan 05 21:18:59 2018 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Tue Apr 24 09:34:38 2018 +0200
tree: dce4842177e346029b62ab9b403ed2ba8114d167
parent: e1efdf912f9f2d8a1ff9704454615de1dc1716fc [diff] [blame]
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index bc94ebb..84c8e1e 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c

@@ -3135,8 +3135,7 @@
 
             mbedtls_md_init( &ctx );
 
-            /* Info from md_alg will be used instead */
-            hashlen = 0;
+            hashlen = mbedtls_md_get_size( md_info );
 
             /*
              * digitally-signed struct {
@@ -3165,8 +3164,7 @@
             return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
         }
 
-        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen != 0 ? hashlen :
-            (unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
+        MBEDTLS_SSL_DEBUG_BUF( 3, "parameters hash", hash, hashlen );
 
         /*
          * 3.3: Compute and add the signature
commit	ebd652fe2dfc2c82d774bfd334398279d9027492	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Jan 05 21:18:59 2018 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Tue Apr 24 09:34:38 2018 +0200
tree	dce4842177e346029b62ab9b403ed2ba8114d167
parent	e1efdf912f9f2d8a1ff9704454615de1dc1716fc [diff] [blame]