Make psa_hash_compare go through hash_compute

It's more efficient when dealing with hardware drivers. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2024-10-19 03:51:25 +00:00 · 2021-02-18 16:22:53 +01:00 · 2021-02-18 16:22:53 +01:00 · 84d670d20c
parent 0e307647e6
commit 84d670d20c
1 changed files with 11 additions and 18 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -2298,25 +2298,18 @@ psa_status_t psa_hash_compare( psa_algorithm_t alg,
                               const uint8_t *input, size_t input_length,
                               const uint8_t *hash, size_t hash_length )
 {
-    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
-    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-    status = psa_hash_setup( &operation, alg );
+    uint8_t actual_hash[MBEDTLS_MD_MAX_SIZE];
+    size_t actual_hash_length;
+    psa_status_t status = psa_hash_compute( alg, input, input_length,
+                                            actual_hash, sizeof(actual_hash),
+                                            &actual_hash_length );
    if( status != PSA_SUCCESS )
-        goto exit;
-    status = psa_hash_update( &operation, input, input_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-    status = psa_hash_verify( &operation, hash, hash_length );
-    if( status != PSA_SUCCESS )
-        goto exit;
-
-exit:
-    if( status == PSA_SUCCESS )
-        status = psa_hash_abort( &operation );
-    else
-        psa_hash_abort( &operation );
-    return( status );
+        return( status );
+    if( actual_hash_length != hash_length )
+        return( PSA_ERROR_INVALID_SIGNATURE );
+    if( safer_memcmp( hash, actual_hash, actual_hash_length ) != 0 )
+        return( PSA_ERROR_INVALID_SIGNATURE );
+    return( PSA_SUCCESS );
 }

 psa_status_t psa_hash_clone( const psa_hash_operation_t *source_operation,