From 72a7f53064e489471a130a06aea0b01a9039899c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 2 May 2017 11:38:47 +0100 Subject: [PATCH] Add int return values to SHA-256 function calls The following function calls are being deprecated to introduce int return values. * mbedtls_sha256() * mbedtls_sha256_starts() * mbedtls_sha256_update() * mbedtls_sha256_finish() * mbedtls_sha256_process() The return codes can be used to return error values. This is important when using hardware accelerators. --- include/mbedtls/sha256.h | 140 ++++++++++++++++++++++++++++++++++++--- library/sha256.c | 97 +++++++++++++++++++-------- 2 files changed, 202 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index f8041adf0..3667e8c10 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -32,6 +32,11 @@ #include #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_SHA256_ALT) // Regular implementation // @@ -80,8 +85,10 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * * \param ctx context to be initialized * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful */ -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ); /** * \brief SHA-256 process buffer @@ -89,20 +96,105 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); * \param ctx SHA-256 context * \param input buffer holding the data * \param ilen length of the input data + * + * \return 0 if successful */ -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ); +int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief SHA-256 final digest * * \param ctx SHA-256 context * \param output SHA-224/256 checksum result + * + * \return 0 if successful */ -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ); +int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, + unsigned char output[32] ); -/* Internal use */ -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ); +/** + * \brief SHA-256 process data block (internal use only) + * + * \param ctx SHA-256 context + * \param data buffer holding one block of data + * + * \return 0 if successful + */ +int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, + const unsigned char data[64] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief SHA-256 context setup + * + * \deprecated Superseded by mbedtls_sha256_starts_ext() in 2.5.0 + * + * \param ctx context to be initialized + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_starts( + mbedtls_sha256_context *ctx, + int is224 ) +{ + mbedtls_sha256_starts_ext( ctx, is224 ); +} + +/** + * \brief SHA-256 process buffer + * + * \deprecated Superseded by mbedtls_sha256_update_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param input buffer holding the data + * \param ilen length of the input data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_update( + mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) +{ + mbedtls_sha256_update_ext( ctx, input, ilen ); +} + +/** + * \brief SHA-256 final digest + * + * \deprecated Superseded by mbedtls_sha256_finish_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param output SHA-224/256 checksum result + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_finish( + mbedtls_sha256_context *ctx, + unsigned char output[32] ) +{ + mbedtls_sha256_finish_ext( ctx, output ); +} + +/** + * \brief SHA-256 process data block (internal use only) + * + * \deprecated Superseded by mbedtls_sha256_process_ext() in 2.5.0 + * + * \param ctx SHA-256 context + * \param data buffer holding one block of data + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256_process( + mbedtls_sha256_context *ctx, + const unsigned char data[64] ) +{ + mbedtls_sha256_process_ext( ctx, data ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } @@ -123,9 +215,41 @@ extern "C" { * \param ilen length of the input data * \param output SHA-224/256 checksum result * \param is224 0 = use SHA256, 1 = use SHA224 + * + * \return 0 if successful */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ); +int mbedtls_sha256_ext( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Output = SHA-256( input buffer ) + * + * \deprecated Superseded by mbedtls_sha256_ext() in 2.5.0 + * + * \param input buffer holding the data + * \param ilen length of the input data + * \param output SHA-224/256 checksum result + * \param is224 0 = use SHA256, 1 = use SHA224 + */ +MBEDTLS_DEPRECATED static inline void mbedtls_sha256( + const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) +{ + mbedtls_sha256_ext( input, ilen, output, is224 ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ /** * \brief Checkup routine diff --git a/library/sha256.c b/library/sha256.c index ad25d3833..337b8e643 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -100,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts_ext( mbedtls_sha256_context *ctx, int is224 ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -131,6 +131,8 @@ void mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) } ctx->is224 = is224; + + return( 0 ); } #if !defined(MBEDTLS_SHA256_PROCESS_ALT) @@ -179,7 +181,8 @@ static const uint32_t K[] = d += temp1; h = temp1 + temp2; \ } -void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char data[64] ) +int mbedtls_sha256_process_ext( mbedtls_sha256_context *ctx, + const unsigned char data[64] ) { uint32_t temp1, temp2, W[64]; uint32_t A[8]; @@ -232,20 +235,24 @@ void mbedtls_sha256_process( mbedtls_sha256_context *ctx, const unsigned char da for( i = 0; i < 8; i++ ) ctx->state[i] += A[i]; + + return( 0 ); } #endif /* !MBEDTLS_SHA256_PROCESS_ALT */ /* * SHA-256 process buffer */ -void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, - size_t ilen ) +int mbedtls_sha256_update_ext( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ) { + int ret; size_t fill; uint32_t left; if( ilen == 0 ) - return; + return( 0 ); left = ctx->total[0] & 0x3F; fill = 64 - left; @@ -259,7 +266,10 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in if( left && ilen >= fill ) { memcpy( (void *) (ctx->buffer + left), input, fill ); - mbedtls_sha256_process( ctx, ctx->buffer ); + + if( ( ret = mbedtls_sha256_process_ext( ctx, ctx->buffer ) ) != 0 ) + return( ret ); + input += fill; ilen -= fill; left = 0; @@ -267,13 +277,17 @@ void mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *in while( ilen >= 64 ) { - mbedtls_sha256_process( ctx, input ); + if( ( ret = mbedtls_sha256_process_ext( ctx, input ) ) != 0 ) + return( ret ); + input += 64; ilen -= 64; } if( ilen > 0 ) memcpy( (void *) (ctx->buffer + left), input, ilen ); + + return( 0 ); } static const unsigned char sha256_padding[64] = @@ -287,8 +301,10 @@ static const unsigned char sha256_padding[64] = /* * SHA-256 final digest */ -void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32] ) +int mbedtls_sha256_finish_ext( mbedtls_sha256_context *ctx, + unsigned char output[32] ) { + int ret; uint32_t last, padn; uint32_t high, low; unsigned char msglen[8]; @@ -303,8 +319,11 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - mbedtls_sha256_update( ctx, sha256_padding, padn ); - mbedtls_sha256_update( ctx, msglen, 8 ); + if( ( ret = mbedtls_sha256_update_ext( ctx, sha256_padding, padn ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_update_ext( ctx, msglen, 8 ) ) != 0 ) + return( ret ); PUT_UINT32_BE( ctx->state[0], output, 0 ); PUT_UINT32_BE( ctx->state[1], output, 4 ); @@ -316,6 +335,8 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 if( ctx->is224 == 0 ) PUT_UINT32_BE( ctx->state[7], output, 28 ); + + return( 0 ); } #endif /* !MBEDTLS_SHA256_ALT */ @@ -323,16 +344,28 @@ void mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char output[32 /* * output = SHA-256( input buffer ) */ -void mbedtls_sha256( const unsigned char *input, size_t ilen, - unsigned char output[32], int is224 ) +int mbedtls_sha256_ext( const unsigned char *input, + size_t ilen, + unsigned char output[32], + int is224 ) { + int ret; mbedtls_sha256_context ctx; mbedtls_sha256_init( &ctx ); - mbedtls_sha256_starts( &ctx, is224 ); - mbedtls_sha256_update( &ctx, input, ilen ); - mbedtls_sha256_finish( &ctx, output ); + + if( ( ret = mbedtls_sha256_starts_ext( &ctx, is224 ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_update_ext( &ctx, input, ilen ) ) != 0 ) + return( ret ); + + if( ( ret = mbedtls_sha256_finish_ext( &ctx, output ) ) != 0 ) + return( ret ); + mbedtls_sha256_free( &ctx ); + + return( 0 ); } #if defined(MBEDTLS_SELF_TEST) @@ -415,29 +448,31 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - mbedtls_sha256_starts( &ctx, k ); + if( mbedtls_sha256_starts_ext( &ctx, k ) != 0 ) + goto fail; if( j == 2 ) { memset( buf, 'a', buflen = 1000 ); for( j = 0; j < 1000; j++ ) - mbedtls_sha256_update( &ctx, buf, buflen ); + if( mbedtls_sha256_update_ext( &ctx, buf, buflen ) != 0 ) + goto fail; + } else - mbedtls_sha256_update( &ctx, sha256_test_buf[j], - sha256_test_buflen[j] ); + { + if( mbedtls_sha256_update_ext( &ctx, sha256_test_buf[j], + sha256_test_buflen[j] ) != 0 ) + goto fail; + } + + if( mbedtls_sha256_finish_ext( &ctx, sha256sum ) != 0 ) + goto fail; - mbedtls_sha256_finish( &ctx, sha256sum ); if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + goto fail; if( verbose != 0 ) mbedtls_printf( "passed\n" ); @@ -446,6 +481,14 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "\n" ); + goto exit; + +fail: + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + + ret = 1; + exit: mbedtls_sha256_free( &ctx ); mbedtls_free( buf );