Change ssl_srv to new MD API and check return code

library/ssl_srv.c

@@ -3099,8 +3099,7 @@ curve_matching_done:
             mbedtls_md5_context mbedtls_md5;
             mbedtls_sha1_context mbedtls_sha1;
 
-            mbedtls_md5_init(  &mbedtls_md5  );
+            mbedtls_md5_init( &mbedtls_md5 );
-            mbedtls_sha1_init( &mbedtls_sha1 );
 
             /*
              * digitally-signed struct {
@@ -3116,20 +3115,38 @@ curve_matching_done:
              *                            + ServerParams);
              */
 
-            mbedtls_md5_starts( &mbedtls_md5 );
+            if( ( ret = mbedtls_md5_starts_ext( &mbedtls_md5 ) ) != 0      ||
-            mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes,  64 );
+                ( ret = mbedtls_md5_update_ext( &mbedtls_md5,
-            mbedtls_md5_update( &mbedtls_md5, dig_signed, dig_signed_len );
+                                    ssl->handshake->randbytes, 64 ) ) != 0 ||
-            mbedtls_md5_finish( &mbedtls_md5, hash );
+                ( ret = mbedtls_md5_update_ext( &mbedtls_md5, dig_signed,
+                                                dig_signed_len ) ) != 0    ||
+                ( ret = mbedtls_md5_finish_ext( &mbedtls_md5, hash ) ) != 0 )
+            {
+                mbedtls_md5_free( &mbedtls_md5 );
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md5_*", ret );
+                return( ret );
+            }
 
-            mbedtls_sha1_starts( &mbedtls_sha1 );
+            mbedtls_md5_free( &mbedtls_md5 );
-            mbedtls_sha1_update( &mbedtls_sha1, ssl->handshake->randbytes,  64 );
+
-            mbedtls_sha1_update( &mbedtls_sha1, dig_signed, dig_signed_len );
+            mbedtls_sha1_init( &mbedtls_sha1 );
-            mbedtls_sha1_finish( &mbedtls_sha1, hash + 16 );
+
+            if( ( ret = mbedtls_sha1_starts_ext( &mbedtls_sha1 ) ) != 0    ||
+                ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1,
+                                    ssl->handshake->randbytes, 64 ) ) != 0 ||
+                ( ret = mbedtls_sha1_update_ext( &mbedtls_sha1, dig_signed,
+                                                 dig_signed_len ) ) != 0   ||
+                ( ret = mbedtls_sha1_finish_ext( &mbedtls_sha1,
+                                                 hash + 16 ) ) != 0 )
+            {
+                mbedtls_sha1_free( &mbedtls_sha1 );
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_sha1_*", ret );
+                return( ret );
+            }
+
+            mbedtls_sha1_free( &mbedtls_sha1 );
 
             hashlen = 36;
-
-            mbedtls_md5_free(  &mbedtls_md5  );
-            mbedtls_sha1_free( &mbedtls_sha1 );
         }
         else
 #endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
@@ -3153,16 +3170,20 @@ curve_matching_done:
              *     ServerDHParams params;
              * };
              */
-            if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0 )
+            if( ( ret = mbedtls_md_setup( &ctx, md_info, 0 ) ) != 0          ||
+                ( ret = mbedtls_md_starts( &ctx ) ) != 0                     ||
+                ( ret = mbedtls_md_update( &ctx,
+                                    ssl->handshake->randbytes, 64 ) ) != 0   ||
+                ( ret = mbedtls_md_update( &ctx, dig_signed,
+                                           dig_signed_len ) ) != 0           ||
+                ( ret = mbedtls_md_finish( &ctx, hash ) ) != 0 )
             {
-                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_setup", ret );
+                mbedtls_md_free( &ctx );
+                MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_md_*", ret );
                 return( ret );
             }
 
-            mbedtls_md_starts( &ctx );
+
-            mbedtls_md_update( &ctx, ssl->handshake->randbytes, 64 );
-            mbedtls_md_update( &ctx, dig_signed, dig_signed_len );
-            mbedtls_md_finish( &ctx, hash );
             mbedtls_md_free( &ctx );
         }
         else