Make hmac_ctx optional

Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.

ChangeLog

@@ -6,6 +6,7 @@ Features
   * Support for DTLS 1.0 and 1.2 (RFC 6347).
 
 API Changes
+   * md_init_ctx() gained a new argument for optional hmac usage
    * Removed individual mdX_hmac and shaX_hmac functions (use generic
      md_hmac functions from md.h)
    * Change md_info_t into an opaque structure (use md_get_xxx() accessors).

include/mbedtls/md.h

@@ -142,12 +142,14 @@ void md_free( md_context_t *ctx );
  *                 digest-specific context (ctx->md_ctx) must be NULL. It will
  *                 be allocated, and must be freed using md_free() later.
  * \param md_info  message digest to use.
+ * \param hmac     non-zero if you want to use this context for hmac too,
+ *                 zero otherwise (saves some memory).
  *
  * \returns        \c 0 on success, \c POLARSSL_ERR_MD_BAD_INPUT_DATA on
  *                 parameter failure, \c POLARSSL_ERR_MD_ALLOC_FAILED if
  *                 allocation of the digest-specific context failed.
  */
-int md_init_ctx( md_context_t *ctx, const md_info_t *md_info );
+int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac );
 
 /**
  * \brief           Returns the size of the message digest output.

library/hmac_drbg.c

@@ -97,7 +97,7 @@ int hmac_drbg_init_buf( hmac_drbg_context *ctx,
 
     md_init( &ctx->md_ctx );
 
-    if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
+    if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 )
         return( ret );
 
     /*
@@ -171,7 +171,7 @@ int hmac_drbg_init( hmac_drbg_context *ctx,
 
     md_init( &ctx->md_ctx );
 
-    if( ( ret = md_init_ctx( &ctx->md_ctx, md_info ) ) != 0 )
+    if( ( ret = md_init_ctx( &ctx->md_ctx, md_info, 1 ) ) != 0 )
         return( ret );
 
     md_size = md_get_size( md_info );

library/md.c

@@ -199,7 +199,7 @@ void md_free( md_context_t *ctx )
     polarssl_zeroize( ctx, sizeof( md_context_t ) );
 }
 
-int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
+int md_init_ctx( md_context_t *ctx, const md_info_t *md_info, int hmac  )
 {
     if( md_info == NULL || ctx == NULL )
         return( POLARSSL_ERR_MD_BAD_INPUT_DATA );
@@ -209,12 +209,15 @@ int md_init_ctx( md_context_t *ctx, const md_info_t *md_info )
     if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
         return( POLARSSL_ERR_MD_ALLOC_FAILED );
 
+    if( hmac != 0 )
+    {
         ctx->hmac_ctx = polarssl_malloc( 2 * md_info->block_size );
         if( ctx->hmac_ctx == NULL )
         {
             md_info->ctx_free_func( ctx->md_ctx );
             return( POLARSSL_ERR_MD_ALLOC_FAILED );
         }
+    }
 
     ctx->md_info = md_info;
 
@@ -382,7 +385,7 @@ int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
 
     md_init( &ctx );
 
-    if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
+    if( ( ret = md_init_ctx( &ctx, md_info, 1 ) ) != 0 )
         return( ret );
 
     md_hmac_starts( &ctx, key, keylen );

library/pkcs12.c

@@ -268,7 +268,7 @@ int pkcs12_derivation( unsigned char *data, size_t datalen,
 
     md_init( &md_ctx );
 
-    if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+    if( ( ret = md_init_ctx( &md_ctx, md_info, 0 ) ) != 0 )
         return( ret );
     hlen = md_get_size( md_info );
 

library/pkcs5.c

@@ -189,7 +189,7 @@ int pkcs5_pbes2( const asn1_buf *pbe_params, int mode,
 
     memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
 
-    if( ( ret = md_init_ctx( &md_ctx, md_info ) ) != 0 )
+    if( ( ret = md_init_ctx( &md_ctx, md_info, 1 ) ) != 0 )
         goto exit;
 
     if( ( ret = pkcs5_pbkdf2_hmac( &md_ctx, pwd, pwdlen, salt.p, salt.len,
@@ -365,7 +365,7 @@ int pkcs5_self_test( int verbose )
         goto exit;
     }
 
-    if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
+    if( ( ret = md_init_ctx( &sha1_ctx, info_sha1, 1 ) ) != 0 )
     {
         ret = 1;
         goto exit;

library/rsa.c

@@ -556,7 +556,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
     memcpy( p, input, ilen );
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    md_init_ctx( &md_ctx, md_info, 0 );
 
     // maskedDB: Apply dbMask to DB
     //
@@ -725,7 +725,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
     hlen = md_get_size( md_info );
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    md_init_ctx( &md_ctx, md_info, 0 );
 
     /* Generate lHash */
     md( md_info, label, label_len, lhash );
@@ -969,7 +969,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
     p += slen;
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    md_init_ctx( &md_ctx, md_info, 0 );
 
     // Generate H = Hash( M' )
     //
@@ -1201,7 +1201,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
         return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
 
     md_init( &md_ctx );
-    md_init_ctx( &md_ctx, md_info );
+    md_init_ctx( &md_ctx, md_info, 0 );
 
     mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
 

library/ssl_cli.c

@@ -2173,7 +2173,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl )
              * };
              */
             if( ( ret = md_init_ctx( &ctx,
-                                     md_info_from_type( md_alg ) ) ) != 0 )
+                                     md_info_from_type( md_alg ), 0 ) ) != 0 )
             {
                 SSL_DEBUG_RET( 1, "md_init_ctx", ret );
                 return( ret );

library/ssl_cookie.c

@@ -104,7 +104,7 @@ int ssl_cookie_setup( ssl_cookie_ctx *ctx,
     if( ( ret = f_rng( p_rng, key, sizeof( key ) ) ) != 0 )
         return( ret );
 
-    ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ) );
+    ret = md_init_ctx( &ctx->hmac_ctx, md_info_from_type( COOKIE_MD ), 1 );
     if( ret != 0 )
         return( ret );
 

library/ssl_srv.c

@@ -3073,7 +3073,7 @@ curve_matching_done:
              *     ServerDHParams params;
              * };
              */
-            if( ( ret = md_init_ctx( &ctx, md_info ) ) != 0 )
+            if( ( ret = md_init_ctx( &ctx, md_info, 0 ) ) != 0 )
             {
                 SSL_DEBUG_RET( 1, "md_init_ctx", ret );
                 return( ret );

library/ssl_tls.c

@@ -658,8 +658,8 @@ int ssl_derive_keys( ssl_context *ssl )
         int ret;
 
         /* Initialize HMAC contexts */
-        if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info ) ) != 0 ||
-            ( ret = md_init_ctx( &transform->md_ctx_dec, md_info ) ) != 0 )
+        if( ( ret = md_init_ctx( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
+            ( ret = md_init_ctx( &transform->md_ctx_dec, md_info, 1 ) ) != 0 )
         {
             SSL_DEBUG_RET( 1, "md_init_ctx", ret );
             return( ret );

programs/aes/aescrypt2.c

@@ -101,7 +101,7 @@ int main( int argc, char *argv[] )
     aes_init( &aes_ctx );
     md_init( &sha_ctx );
 
-    ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ) );
+    ret = md_init_ctx( &sha_ctx, md_info_from_type( POLARSSL_MD_SHA256 ), 1 );
     if( ret != 0 )
     {
         polarssl_printf( "  ! md_init_ctx() returned -0x%04x\n", -ret );

programs/aes/crypt_and_hash.c

@@ -185,7 +185,7 @@ int main( int argc, char *argv[] )
         polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[5] );
         goto exit;
     }
-    md_init_ctx( &md_ctx, md_info);
+    md_init_ctx( &md_ctx, md_info, 1 );
 
     /*
      * Read the secret key and clean the command line.

programs/hash/generic_sum.c

@@ -204,7 +204,7 @@ int main( int argc, char *argv[] )
         polarssl_fprintf( stderr, "Message Digest '%s' not found\n", argv[1] );
         return( 1 );
     }
-    if( md_init_ctx( &md_ctx, md_info) )
+    if( md_init_ctx( &md_ctx, md_info, 0 ) )
     {
         polarssl_fprintf( stderr, "Failed to initialize context.\n" );
         return( 1 );

tests/suites/test_suite_md.function

@@ -29,7 +29,7 @@ void md_process( )
     {
         info = md_info_from_type( *md_type_ptr );
         TEST_ASSERT( info != NULL );
-        TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
+        TEST_ASSERT( md_init_ctx( &ctx, info, 0 ) == 0 );
         TEST_ASSERT( md_process( &ctx, buf ) == 0 );
         md_free( &ctx );
     }
@@ -54,8 +54,8 @@ void md_null_args( )
 
     TEST_ASSERT( md_info_from_string( NULL ) == NULL );
 
-    TEST_ASSERT( md_init_ctx( &ctx, NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
-    TEST_ASSERT( md_init_ctx( NULL, info ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
+    TEST_ASSERT( md_init_ctx( &ctx, NULL, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
+    TEST_ASSERT( md_init_ctx( NULL, info, 0 ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
 
     TEST_ASSERT( md_starts( NULL ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
     TEST_ASSERT( md_starts( &ctx ) == POLARSSL_ERR_MD_BAD_INPUT_DATA );
@@ -195,7 +195,7 @@ void md_text_multi( char *text_md_name, char *text_src_string,
     strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
     md_info = md_info_from_string(md_name);
     TEST_ASSERT( md_info != NULL );
-    TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
+    TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) );
 
     TEST_ASSERT ( 0 == md_starts( &ctx ) );
     TEST_ASSERT ( ctx.md_ctx != NULL );
@@ -233,7 +233,7 @@ void md_hex_multi( char *text_md_name, char *hex_src_string,
     strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
     md_info = md_info_from_string(md_name);
     TEST_ASSERT( md_info != NULL );
-    TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
+    TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 0 ) );
 
     src_len = unhexify( src_str, hex_src_string );
 
@@ -307,7 +307,7 @@ void md_hmac_multi( char *text_md_name, int trunc_size, char *hex_key_string,
     strncpy( (char *) md_name, text_md_name, sizeof(md_name) - 1 );
     md_info = md_info_from_string( md_name );
     TEST_ASSERT( md_info != NULL );
-    TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info ) );
+    TEST_ASSERT ( 0 == md_init_ctx( &ctx, md_info, 1 ) );
 
     key_len = unhexify( key_str, hex_key_string );
     src_len = unhexify( src_str, hex_src_string );

tests/suites/test_suite_pkcs5.function

@@ -36,7 +36,7 @@ void pbkdf2_hmac( int hash, char *hex_password_string,
     TEST_ASSERT( info != NULL );
     if( info == NULL )
         return;
-    TEST_ASSERT( md_init_ctx( &ctx, info ) == 0 );
+    TEST_ASSERT( md_init_ctx( &ctx, info, 1 ) == 0 );
     TEST_ASSERT( pkcs5_pbkdf2_hmac( &ctx, pw_str, pw_len, salt_str, salt_len,
                                      it_cnt, key_len, key ) == 0 );