psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash
operations.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ffe00c7..8e61b51 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2232,7 +2232,7 @@
const uint8_t *hash,
size_t hash_length )
{
- uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
+ uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
psa_status_t status = psa_hash_finish(
operation,
@@ -2275,7 +2275,7 @@
const uint8_t *input, size_t input_length,
const uint8_t *hash, size_t hash_length )
{
- uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
+ uint8_t actual_hash[PSA_HASH_MAX_SIZE];
size_t actual_hash_length;
if( !PSA_ALG_IS_HASH( alg ) )
diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c
index 19671ec..cf20a9b 100644
--- a/library/psa_crypto_mac.c
+++ b/library/psa_crypto_mac.c
@@ -127,7 +127,7 @@
uint8_t *mac,
size_t mac_size )
{
- uint8_t tmp[MBEDTLS_MD_MAX_SIZE];
+ uint8_t tmp[PSA_HASH_MAX_SIZE];
psa_algorithm_t hash_alg = hmac->alg;
size_t hash_size = 0;
size_t block_size = PSA_HASH_BLOCK_LENGTH( hash_alg );
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0e802e9..b87879c 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -37,6 +37,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
+#include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#include <string.h>
@@ -3242,7 +3243,11 @@
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{
size_t sig_len, hashlen;
- unsigned char hash[64];
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+#else
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+#endif
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
unsigned char *params = ssl->in_msg + mbedtls_ssl_hs_hdr_len( ssl );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index d9f226c..1a63173 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3467,7 +3467,11 @@
{
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ unsigned char hash[PSA_HASH_MAX_SIZE];
+#else
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
+#endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/*
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8195af2..9757f86 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7529,7 +7529,7 @@
goto exit;
}
- if( ( status = psa_hash_finish( &hash_operation, hash, MBEDTLS_MD_MAX_SIZE,
+ if( ( status = psa_hash_finish( &hash_operation, hash, PSA_HASH_MAX_SIZE,
hashlen ) ) != PSA_SUCCESS )
{
MBEDTLS_SSL_DEBUG_RET( 1, "psa_hash_finish", status );