Check return codes from MD in ssl code
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index f08a9bd..ab68715 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -3096,57 +3096,12 @@
defined(MBEDTLS_SSL_PROTO_TLS1_1)
if( md_alg == MBEDTLS_MD_NONE )
{
- mbedtls_md5_context mbedtls_md5;
- mbedtls_sha1_context mbedtls_sha1;
-
- mbedtls_md5_init( &mbedtls_md5 );
-
- /*
- * digitally-signed struct {
- * opaque md5_hash[16];
- * opaque sha_hash[20];
- * };
- *
- * md5_hash
- * MD5(ClientHello.random + ServerHello.random
- * + ServerParams);
- * sha_hash
- * SHA(ClientHello.random + ServerHello.random
- * + ServerParams);
- */
-
- if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0 ||
- ( ret = mbedtls_md5_update_ext( &mbedtls_md5,
- ssl->handshake->randbytes, 64 ) ) != 0 ||
- ( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed,
- dig_signed_len ) ) != 0 ||
- ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 )
- {
- mbedtls_md5_free( &mbedtls_md5 );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret );
- return( ret );
- }
-
- mbedtls_md5_free( &mbedtls_md5 );
-
- mbedtls_sha1_init( &mbedtls_sha1 );
-
- if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0 ||
- ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1,
- ssl->handshake->randbytes, 64 ) ) != 0 ||
- ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed,
- dig_signed_len ) ) != 0 ||
- ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1,
- hash + 16 ) ) != 0 )
- {
- mbedtls_sha1_free( &mbedtls_sha1 );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret );
- return( ret );
- }
-
- mbedtls_sha1_free( &mbedtls_sha1 );
-
hashlen = 36;
+ ret = mbedtls_ssl_get_key_exchange_md_ssl_tls( ssl, hash,
+ dig_signed,
+ dig_signed_len );
+ if( ret != 0 )
+ return( ret );
}
else
#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
@@ -3155,36 +3110,14 @@
defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( md_alg != MBEDTLS_MD_NONE )
{
- mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
-
- mbedtls_md_init( &ctx );
-
/* Info from md_alg will be used instead */
hashlen = 0;
-
- /*
- * digitally-signed struct {
- * opaque client_random[32];
- * opaque server_random[32];
- * ServerDHParams params;
- * };
- */
- if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 ||
- ( ret = mbedtls_md_starts( &ctx ) ) != 0 ||
- ( ret = mbedtls_md_update( &ctx,
- ssl->handshake->randbytes, 64 ) ) != 0 ||
- ( ret = mbedtls_md_update( &ctx, dig_signed,
- dig_signed_len ) ) != 0 ||
- ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
- {
- mbedtls_md_free( &ctx );
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret );
+ ret = mbedtls_ssl_get_key_exchange_md_tls1_2( ssl, hash,
+ dig_signed,
+ dig_signed_len,
+ md_alg );
+ if( ret != 0 )
return( ret );
- }
-
-
- mbedtls_md_free( &ctx );
}
else
#endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
