commit a5cedbcd3fc3b5953416bdad1c20ec6901ec5f7d
author Hanno Becker <hanno.becker@arm.com> Wed Jul 17 11:21:02 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Sep 09 09:45:57 2019 +0100
tree 4be625eaa57719d5d17b1b1e2bb6552b5d66b4b1
parent 505be8be4d3b18e7acd723b90c36fdb9957a1909

Introduce MD handle type

As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type

  mbedtls_md_info const *

whose valid values represent implementations of message digest algorithms.

Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.

This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.

The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.

library/ssl_tls.c

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e47c456..b17e33d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -660,7 +660,7 @@
     const unsigned char *S1, *S2;
     unsigned char tmp[128];
     unsigned char h_i[20];
-    const mbedtls_md_info_t *md_info;
+    mbedtls_md_handle_t md_info;
     mbedtls_md_context_t md_ctx;
     int ret;
 
@@ -681,8 +681,11 @@
     /*
      * First compute P_md5(secret,label+random)[0..dlen]
      */
-    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
+    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) ==
+        MBEDTLS_MD_INVALID_HANDLE )
+    {
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
 
     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
         return( ret );
@@ -712,8 +715,11 @@
     /*
      * XOR out with P_sha1(secret,label+random)[0..dlen]
      */
-    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
+    if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) ==
+        MBEDTLS_MD_INVALID_HANDLE )
+    {
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
 
     if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
         return( ret );
@@ -763,14 +769,17 @@
     size_t i, j, k, md_len;
     unsigned char tmp[128];
     unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
-    const mbedtls_md_info_t *md_info;
+    mbedtls_md_handle_t md_info;
     mbedtls_md_context_t md_ctx;
     int ret;
 
     mbedtls_md_init( &md_ctx );
 
-    if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
+    if( ( md_info = mbedtls_md_info_from_type( md_type ) ) ==
+        MBEDTLS_MD_INVALID_HANDLE )
+    {
         return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+    }
 
     md_len = mbedtls_md_get_size( md_info );
 
@@ -1244,7 +1253,7 @@
     unsigned keylen;
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
     const mbedtls_cipher_info_t *cipher_info;
-    const mbedtls_md_info_t *md_info;
+    mbedtls_md_handle_t md_info;
 
 #if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
     !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
@@ -1293,7 +1302,7 @@
 
     md_info = mbedtls_md_info_from_type(
         mbedtls_ssl_suite_get_mac( ciphersuite_info ) );
-    if( md_info == NULL )
+    if( md_info == MBEDTLS_MD_INVALID_HANDLE )
     {
         MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
                        mbedtls_ssl_suite_get_mac( ciphersuite_info ) ) );
@@ -3368,7 +3377,8 @@
 
             memset( tmp, 0, sizeof( tmp ) );
 
-            switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) )
+            switch( mbedtls_md_get_type(
+                        mbedtls_md_get_handle( &transform->md_ctx_dec ) ) )
             {
 #if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
     defined(MBEDTLS_SHA256_C)
@@ -6890,13 +6900,16 @@
         ssl->session->peer_cert_digest;
     mbedtls_md_type_t const peer_cert_digest_type =
         ssl->session->peer_cert_digest_type;
-    mbedtls_md_info_t const * const digest_info =
+    mbedtls_md_handle_t digest_info =
         mbedtls_md_info_from_type( peer_cert_digest_type );
     unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
     size_t digest_len;
 
-    if( peer_cert_digest == NULL || digest_info == NULL )
+    if( peer_cert_digest == NULL ||
+        digest_info == MBEDTLS_MD_INVALID_HANDLE )
+    {
         return( -1 );
+    }
 
     digest_len = mbedtls_md_get_size( digest_info );
     if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
@@ -10110,9 +10123,9 @@
 
     if( session->peer_cert_digest_len != 0 )
     {
-        const mbedtls_md_info_t *md_info =
+        mbedtls_md_handle_t md_info =
             mbedtls_md_info_from_type( session->peer_cert_digest_type );
-        if( md_info == NULL )
+        if( md_info == MBEDTLS_MD_INVALID_HANDLE )
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
         if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
             return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -12484,7 +12497,7 @@
 {
     int ret = 0;
     mbedtls_md_context_t ctx;
-    const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+    mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
     *hashlen = mbedtls_md_get_size( md_info );
 
     mbedtls_md_init( &ctx );