commit ed6d6589b37998b0b54495872debd9ee6429283f
author Gabor Mezei <gabor.mezei@arm.com> Sat Mar 26 17:28:06 2022 +0100
committer Gabor Mezei <gabor.mezei@arm.com> Sat Mar 26 17:28:06 2022 +0100
tree c509b7c8232a45324abfc431ac185a304ddaec3e
parent 07732f701592ef687de046c6d23b47e55187c896

Use hash algoritm for parameter instead of HMAC

To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/ssl_tls13_keys.c

diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 2ce654b..5c851c7 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -137,7 +137,7 @@
 }
 
 MBEDTLS_STATIC_TESTABLE
-psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t alg,
+psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg,
                                        const unsigned char *salt, size_t salt_len,
                                        const unsigned char *ikm, size_t ikm_len,
                                        unsigned char *prk, size_t prk_size,
@@ -148,6 +148,7 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg );
 
     if( salt == NULL || salt_len == 0 )
     {
@@ -190,7 +191,7 @@
 }
 
 MBEDTLS_STATIC_TESTABLE
-psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t alg,
+psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg,
                                       const unsigned char *prk, size_t prk_len,
                                       const unsigned char *info, size_t info_len,
                                       unsigned char *okm, size_t okm_len )
@@ -206,6 +207,7 @@
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED;
     unsigned char t[PSA_MAC_MAX_SIZE];
+    psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg );
 
     if( okm == NULL )
     {
@@ -350,7 +352,7 @@
                                  &hkdf_label_len );
 
     return( psa_ssl_status_to_mbedtls(
-                mbedtls_psa_hkdf_expand( PSA_ALG_HMAC( hash_alg ),
+                mbedtls_psa_hkdf_expand( hash_alg,
                                          secret, secret_len,
                                          hkdf_label, hkdf_label_len,
                                          buf, buf_len ) ) );
@@ -521,7 +523,7 @@
      * The salt is the old secret, and the input key material
      * is the input secret (PSK / ECDHE). */
     ret = psa_ssl_status_to_mbedtls(
-            mbedtls_psa_hkdf_extract( PSA_ALG_HMAC( hash_alg ),
+            mbedtls_psa_hkdf_extract( hash_alg,
                                       tmp_secret, hlen,
                                       tmp_input, ilen,
                                       secret_new, hlen, &secret_len ) );
@@ -914,8 +916,8 @@
                                unsigned char *result )
 {
     int ret = 0;
-    unsigned char binder_key[MBEDTLS_MD_MAX_SIZE];
-    unsigned char early_secret[MBEDTLS_MD_MAX_SIZE];
+    unsigned char binder_key[PSA_MAC_MAX_SIZE];
+    unsigned char early_secret[PSA_MAC_MAX_SIZE];
     size_t const hash_len = PSA_HASH_LENGTH( hash_alg );
     size_t actual_len;