diff --git a/library/pkcs7.c b/library/pkcs7.c
index 3481cbdb1bd..dda15725a62 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7,
 * failed to validate'.
 */
 for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) {
- ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash,
- mbedtls_md_get_size(md_info),
- signer->sig.p, signer->sig.len);
+ ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash,
+ mbedtls_md_get_size(md_info),
+ signer->sig.p, signer->sig.len, NULL);
 if (ret == 0) {
 break;
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 307da0fabb8..10d49521983 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -943,7 +943,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl)
 */
 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 5b852bdd191..b89e78e0b5e 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1441,11 +1441,6 @@ MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl,
 int update_checksum,
 int force_flush);
-static inline int mbedtls_ssl_write_handshake_msg(mbedtls_ssl_context *ssl)
-{
- return mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */);
-}
-
 /*
 * Write handshake message tail
 */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 731cbc8eceb..6f7d2b9b9bd 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
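Review bot: In the pkcs7.c hunk, the new trailing `NULL` passed to `mbedtls_pk_verify_restartable` is undocumented, and the signer loop depends on what it means: as far as the visible lines show, only `ret == 0` breaks out, so an in-progress return from a restartable verify would be read as "this signer did not verify". As far as the pk API documents, a `NULL` restart context disables restart, so the call should behave like the old `mbedtls_pk_verify`; a comment above it such as `/* rs_ctx = NULL: not restartable, runs to completion */` would make that explicit. The same bare `NULL` appears at the `mbedtls_pk_sign_restartable` and `mbedtls_pk_verify_restartable` call sites in ssl_tls12_server.c, x509write_crt.c, x509write_csr.c and ssl_server2.c. The loop body continues outside the hunk.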
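Review bot: In the ssl_client.c hunk, `mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)` passes two bare flags whose meaning was spelled out only in the wrapper that the ssl_misc.h hunk deletes. Keeping the comments at the call, `mbedtls_ssl_write_handshake_msg_ext(ssl, 1 /* update checksum */, 1 /* force flush */)`, would keep a swapped or mistyped flag visible in review; judging by the parameter name `update_checksum`, the first flag decides whether the message is folded into the handshake checksum. The unchanged context line still logs the label `"mbedtls_ssl_write_handshake_msg"`, which names the removed wrapper; `"mbedtls_ssl_write_handshake_msg_ext"` would match the call. Both points apply to every `_ext(ssl, 1, 1)` call site in ssl_msg.c, ssl_tls.c, ssl_tls12_client.c and ssl_tls12_server.c.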
@@ -5028,7 +5028,7 @@ int mbedtls_ssl_write_change_cipher_spec(mbedtls_ssl_context *ssl)
 mbedtls_ssl_handshake_increment_state(ssl);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 75c59a96ad3..313c5772010 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4247,7 +4247,7 @@ static int ssl_write_hello_request(mbedtls_ssl_context *ssl)
 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
 ssl->out_msg[0] = MBEDTLS_SSL_HS_HELLO_REQUEST;
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
@@ -6729,7 +6729,7 @@ int mbedtls_ssl_write_certificate(mbedtls_ssl_context *ssl)
 mbedtls_ssl_handshake_increment_state(ssl);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
@@ -7459,7 +7459,7 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl)
 }
 #endif
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7675f95e376..d98cb07a2a9 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2565,7 +2565,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 mbedtls_ssl_handshake_increment_state(ssl);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
@@ -2725,7 +2725,7 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl)
 mbedtls_ssl_handshake_increment_state(ssl);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 07641cb3e8f..a8bd02e5395 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2017,7 +2017,7 @@ static int ssl_write_hello_verify_request(mbedtls_ssl_context *ssl)
 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
@@ -2315,7 +2315,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
 ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
 ssl->out_msg[0] = MBEDTLS_SSL_HS_SERVER_HELLO;
- ret = mbedtls_ssl_write_handshake_msg(ssl);
+ ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1);
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= write server hello"));
@@ -2505,7 +2505,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl)
 ssl->out_msg[0] = MBEDTLS_SSL_HS_CERTIFICATE_REQUEST;
 MBEDTLS_PUT_UINT16_BE(total_dn_size, ssl->out_msg, 4 + ct_len + sa_len);
- ret = mbedtls_ssl_write_handshake_msg(ssl);
+ ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1);
 MBEDTLS_SSL_DEBUG_MSG(2, ("<= write certificate request"));
@@ -2880,11 +2880,11 @@ static int ssl_prepare_server_key_exchange(mbedtls_ssl_context *ssl,
 * after the call to ssl_prepare_server_key_exchange.
 * ssl_write_server_key_exchange also takes care of incrementing
 * ssl->out_msglen. */
- if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl),
- md_alg, hash, hashlen,
- ssl->out_msg + ssl->out_msglen + 2,
- out_buf_len - ssl->out_msglen - 2,
- signature_len)) != 0) {
+ if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl),
+ md_alg, hash, hashlen,
+ ssl->out_msg + ssl->out_msglen + 2,
+ out_buf_len - ssl->out_msglen - 2,
+ signature_len, NULL)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
 return ret;
 }
@@ -2971,7 +2971,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
 mbedtls_ssl_handshake_increment_state(ssl);
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
@@ -2999,7 +2999,7 @@ static int ssl_write_server_hello_done(mbedtls_ssl_context *ssl)
 }
 #endif
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
@@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl)
 }
 }
- if ((ret = mbedtls_pk_verify(peer_pk,
- md_alg, hash_start, hashlen,
- ssl->in_msg + i, sig_len)) != 0) {
+ if ((ret = mbedtls_pk_verify_restartable(peer_pk,
+ md_alg, hash_start, hashlen,
+ ssl->in_msg + i, sig_len, NULL)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret);
 return ret;
 }
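Review bot: In the ssl_prepare_server_key_exchange hunk, the signature buffer size handed to `mbedtls_pk_sign_restartable` is still `out_buf_len - ssl->out_msglen - 2`, with no bound visible in the hunk. If these are unsigned sizes and `out_buf_len` could ever be smaller than `ssl->out_msglen + 2`, the subtraction wraps and the signer is told it has far more room than the buffer holds. The earlier part of the function is outside the hunk, so the bound may already be established there. If it is not, a guard before the call such as `if (out_buf_len < ssl->out_msglen + 2) { return MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL; }` would close it; if it is, a one-line comment naming where it is checked would help the next reader.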
@@ -3521,7 +3521,7 @@ static int ssl_write_new_session_ticket(mbedtls_ssl_context *ssl)
 */
 ssl->handshake->new_session_ticket = 0;
- if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
+ if ((ret = mbedtls_ssl_write_handshake_msg_ext(ssl, 1, 1)) != 0) {
 MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
 return ret;
 }
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 663b308d623..d06e5f5232d 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -571,8 +571,9 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 }
- if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
- hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
+ if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg,
+ hash, hash_length, sig, sizeof(sig), &sig_len,
+ NULL)) != 0) {
 return ret;
 }
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 8e37278f957..c50482ddcd8 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -217,8 +217,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
 &hash_len) != PSA_SUCCESS) {
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
- if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
- sig, sig_size, &sig_len)) != 0) {
+ if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0,
+ sig, sig_size, &sig_len, NULL)) != 0) {
 return ret;
 }
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 64fd45952f5..de27d6eec85 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
 switch (ctx->operation_type) {
 case ASYNC_OP_SIGN:
- ret = mbedtls_pk_sign(key_slot->pk,
- ctx->md_alg,
- ctx->input, ctx->input_len,
- output, output_size, output_len);
+ ret = mbedtls_pk_sign_restartable(key_slot->pk,
+ ctx->md_alg,
+ ctx->input, ctx->input_len,
+ output, output_size, output_len, NULL);
 break;
 default:
 mbedtls_printf(
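Review bot: In the x509write_csr.c hunk, the new `mbedtls_pk_sign_restartable` call still passes a literal `0` as the hash length, although the context lines just above fill `hash_len`, and the x509write_crt.c hunk in this same commit passes `hash_length`. A zero length presumably relies on the pk layer deriving the size from `ctx->md_alg` (not visible here), which leaves the length of the signed digest implicit. If `hash_len` is set on every path that reaches this call, `mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, hash_len,` states it directly; otherwise a comment on the `0` explaining the convention would do. The function body starts and ends outside the hunk.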