pk_{sign,verify}() now accept hash_len = 0
diff --git a/library/pk.c b/library/pk.c
index 0923afe..77f5034 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -150,13 +150,31 @@
}
/*
+ * Helper for pk_sign and pk_verify
+ */
+static inline int pk_hashlen_helper( md_type_t md_alg, size_t *hash_len )
+{
+ const md_info_t *md_info;
+
+ if( *hash_len != 0 )
+ return( 0 );
+
+ if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
+ return( -1 );
+
+ *hash_len = md_info->size;
+ return( 0 );
+}
+
+/*
* Verify a signature
*/
int pk_verify( pk_context *ctx, md_type_t md_alg,
const unsigned char *hash, size_t hash_len,
const unsigned char *sig, size_t sig_len )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->verify_func == NULL )
@@ -174,7 +192,8 @@
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- if( ctx == NULL || ctx->pk_info == NULL )
+ if( ctx == NULL || ctx->pk_info == NULL ||
+ pk_hashlen_helper( md_alg, &hash_len ) != 0 )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->sign_func == NULL )
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 511d61d..6c584c0 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -1164,8 +1164,6 @@
size_t *hash_len,
pk_type_t *pk_alg )
{
- const md_info_t *md_info;
-
((void) ssl);
*md_alg = POLARSSL_MD_NONE;
*pk_alg = POLARSSL_PK_NONE;
@@ -1180,6 +1178,9 @@
if( (*p) + 2 > end )
return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
+ /* Info from md_alg will be used instead */
+ *hash_len = 0;
+
/*
* Get hash algorithm
*/
@@ -1191,18 +1192,6 @@
}
/*
- * Get hash_len from hash alg
- */
- if( ( md_info = md_info_from_type( *md_alg ) ) == NULL )
- {
- SSL_DEBUG_MSG( 2, ( "Server used unsupported "
- "HashAlgorithm %d", *(p)[0] ) );
- return( POLARSSL_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
- }
-
- *hash_len = md_info->size;
-
- /*
* Get signature algorithm
*/
if( ( *pk_alg = ssl_pk_alg_from_sig( (*p)[1] ) ) == POLARSSL_PK_NONE )
@@ -1956,7 +1945,6 @@
}
else
{
- const md_info_t *md_info;
/*
* digitally-signed struct {
* opaque handshake_messages[handshake_messages_length];
@@ -1985,13 +1973,8 @@
}
ssl->out_msg[5] = ssl_sig_from_pk( ssl->pk_key );
- if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
- }
-
- hashlen = md_info->size;
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
offset = 2;
}
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f13b9c2..731d2bd 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1989,7 +1989,9 @@
else
{
md_context_t ctx;
- const md_info_t *md_info;
+
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
/*
* digitally-signed struct {
@@ -1998,17 +2000,14 @@
* ServerDHParams params;
* };
*/
- md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg );
-
- if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
+ if( ( md_alg = ssl_md_alg_from_hash( ssl->handshake->sig_alg ) )
+ == POLARSSL_MD_NONE )
{
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
}
- hashlen = md_info->size;
-
- if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
+ if( ( ret = md_init_ctx( &ctx, md_info_from_type(md_alg) ) ) != 0 )
{
SSL_DEBUG_RET( 1, "md_init_ctx", ret );
return( ret );
@@ -2502,7 +2501,6 @@
size_t hashlen;
pk_type_t pk_alg;
md_type_t md_alg;
- const md_info_t *md_info;
const ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
@@ -2575,15 +2573,8 @@
md_alg = ssl_md_alg_from_hash( ssl->handshake->verify_sig_alg );
- /*
- * Get hashlen from MD
- */
- if( ( md_info = md_info_from_type( md_alg ) ) == NULL )
- {
- SSL_DEBUG_MSG( 1, ( "requested hash not available " ) );
- return( POLARSSL_ERR_SSL_FEATURE_UNAVAILABLE );
- }
- hashlen = md_info->size;
+ /* Info from md_alg will be used instead */
+ hashlen = 0;
/*
* Signature