Added md_process() to MD layer for generic internal access to hash
process functions
Access to process functions is needed to reduce possible timing attacks
on SSL MAC checks. As SSL is set to move to using the dynamic MD layer,
the MD layer needs access to these process functions as well.
diff --git a/include/polarssl/md.h b/include/polarssl/md.h
index 88596cb..b81ebf1 100644
--- a/include/polarssl/md.h
+++ b/include/polarssl/md.h
@@ -111,6 +111,8 @@
/** Free the given context */
void (*ctx_free_func)( void *ctx );
+ /** Internal use only */
+ void (*process_func)( void *ctx, const unsigned char *input );
} md_info_t;
/**
@@ -347,6 +349,9 @@
const unsigned char *input, size_t ilen,
unsigned char *output );
+/* Internal use */
+int md_process( md_context_t *ctx, const unsigned char *data );
+
#ifdef __cplusplus
}
#endif
diff --git a/include/polarssl/md2.h b/include/polarssl/md2.h
index 1f60470..02a0a10 100644
--- a/include/polarssl/md2.h
+++ b/include/polarssl/md2.h
@@ -146,6 +146,9 @@
*/
int md2_self_test( int verbose );
+/* Internal use */
+void md2_process( md2_context *ctx );
+
#ifdef __cplusplus
}
#endif
diff --git a/include/polarssl/md4.h b/include/polarssl/md4.h
index 641edf1..4791fb1 100644
--- a/include/polarssl/md4.h
+++ b/include/polarssl/md4.h
@@ -152,6 +152,9 @@
*/
int md4_self_test( int verbose );
+/* Internal use */
+void md4_process( md4_context *ctx, const unsigned char data[64] );
+
#ifdef __cplusplus
}
#endif
diff --git a/include/polarssl/sha4.h b/include/polarssl/sha4.h
index 6aae124..5563676 100644
--- a/include/polarssl/sha4.h
+++ b/include/polarssl/sha4.h
@@ -161,6 +161,9 @@
*/
int sha4_self_test( int verbose );
+/* Internal use */
+void sha4_process( sha4_context *ctx, const unsigned char data[128] );
+
#ifdef __cplusplus
}
#endif
diff --git a/library/md.c b/library/md.c
index 96065c9..07a93ec 100644
--- a/library/md.c
+++ b/library/md.c
@@ -294,4 +294,14 @@
return 0;
}
+int md_process( md_context_t *ctx, const unsigned char *data )
+{
+ if( ctx == NULL || ctx->md_info == NULL )
+ return POLARSSL_ERR_MD_BAD_INPUT_DATA;
+
+ ctx->md_info->process_func( ctx->md_ctx, data );
+
+ return 0;
+}
+
#endif
diff --git a/library/md2.c b/library/md2.c
index 954aa07..73abdfa 100644
--- a/library/md2.c
+++ b/library/md2.c
@@ -80,7 +80,7 @@
ctx->left = 0;
}
-static void md2_process( md2_context *ctx )
+void md2_process( md2_context *ctx )
{
int i, j;
unsigned char t = 0;
diff --git a/library/md4.c b/library/md4.c
index 82adcd8..6012526 100644
--- a/library/md4.c
+++ b/library/md4.c
@@ -76,7 +76,7 @@
ctx->state[3] = 0x10325476;
}
-static void md4_process( md4_context *ctx, const unsigned char data[64] )
+void md4_process( md4_context *ctx, const unsigned char data[64] )
{
uint32_t X[16], A, B, C, D;
diff --git a/library/md_wrap.c b/library/md_wrap.c
index f276db5..93c35f3 100644
--- a/library/md_wrap.c
+++ b/library/md_wrap.c
@@ -117,6 +117,13 @@
free( ctx );
}
+static void md2_process_wrap( void *ctx, const unsigned char *data )
+{
+ ((void) data);
+
+ md2_process( (md2_context *) ctx );
+}
+
const md_info_t md2_info = {
POLARSSL_MD_MD2,
"MD2",
@@ -133,6 +140,7 @@
md2_hmac,
md2_ctx_alloc,
md2_ctx_free,
+ md2_process_wrap,
};
#endif
@@ -195,6 +203,11 @@
free( ctx );
}
+void md4_process_wrap( void *ctx, const unsigned char *data )
+{
+ md4_process( (md4_context *) ctx, data );
+}
+
const md_info_t md4_info = {
POLARSSL_MD_MD4,
"MD4",
@@ -211,6 +224,7 @@
md4_hmac,
md4_ctx_alloc,
md4_ctx_free,
+ md4_process_wrap,
};
#endif
@@ -273,6 +287,11 @@
free( ctx );
}
+static void md5_process_wrap( void *ctx, const unsigned char *data )
+{
+ md5_process( (md5_context *) ctx, data );
+}
+
const md_info_t md5_info = {
POLARSSL_MD_MD5,
"MD5",
@@ -289,6 +308,7 @@
md5_hmac,
md5_ctx_alloc,
md5_ctx_free,
+ md5_process_wrap,
};
#endif
@@ -351,6 +371,11 @@
free( ctx );
}
+void sha1_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha1_process( (sha1_context *) ctx, data );
+}
+
const md_info_t sha1_info = {
POLARSSL_MD_SHA1,
"SHA1",
@@ -367,6 +392,7 @@
sha1_hmac,
sha1_ctx_alloc,
sha1_ctx_free,
+ sha1_process_wrap,
};
#endif
@@ -445,6 +471,11 @@
free( ctx );
}
+void sha224_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha2_process( (sha2_context *) ctx, data );
+}
+
const md_info_t sha224_info = {
POLARSSL_MD_SHA224,
"SHA224",
@@ -461,6 +492,7 @@
sha224_hmac_wrap,
sha224_ctx_alloc,
sha224_ctx_free,
+ sha224_process_wrap,
};
void sha256_starts_wrap( void *ctx )
@@ -532,6 +564,11 @@
free( ctx );
}
+void sha256_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha2_process( (sha2_context *) ctx, data );
+}
+
const md_info_t sha256_info = {
POLARSSL_MD_SHA256,
"SHA256",
@@ -548,6 +585,7 @@
sha256_hmac_wrap,
sha256_ctx_alloc,
sha256_ctx_free,
+ sha256_process_wrap,
};
#endif
@@ -623,6 +661,11 @@
free( ctx );
}
+void sha384_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha4_process( (sha4_context *) ctx, data );
+}
+
const md_info_t sha384_info = {
POLARSSL_MD_SHA384,
"SHA384",
@@ -639,6 +682,7 @@
sha384_hmac_wrap,
sha384_ctx_alloc,
sha384_ctx_free,
+ sha384_process_wrap,
};
void sha512_starts_wrap( void *ctx )
@@ -710,6 +754,11 @@
free( ctx );
}
+void sha512_process_wrap( void *ctx, const unsigned char *data )
+{
+ sha4_process( (sha4_context *) ctx, data );
+}
+
const md_info_t sha512_info = {
POLARSSL_MD_SHA512,
"SHA512",
@@ -726,6 +775,7 @@
sha512_hmac_wrap,
sha512_ctx_alloc,
sha512_ctx_free,
+ sha512_process_wrap,
};
#endif
diff --git a/library/sha4.c b/library/sha4.c
index 6361a54..556cc4f 100644
--- a/library/sha4.c
+++ b/library/sha4.c
@@ -152,7 +152,7 @@
ctx->is384 = is384;
}
-static void sha4_process( sha4_context *ctx, const unsigned char data[128] )
+void sha4_process( sha4_context *ctx, const unsigned char data[128] )
{
int i;
uint64_t temp1, temp2, W[80];
