[PATCH v6 06/28] mbedtls: add digest shim layer for MbedTLS

Ilias Apalodimas ilias.apalodimas at linaro.org
Fri Sep 6 09:56:48 CEST 2024


[...]

On Tue, 3 Sept 2024 at 18:28, Raymond Mao <raymond.mao at linaro.org> wrote
>> > +void sha256_starts(sha256_context *ctx)
>> > +{
>> > +     mbedtls_sha256_init(ctx);
>> > +     mbedtls_sha256_starts(ctx, 0);
>> > +}
>> > +
>> > +void
>> > +sha256_update(sha256_context *ctx, const uint8_t *input, uint32_t length)
>> > +{
>> > +     mbedtls_sha256_update(ctx, input, length);
>> > +}
>> > +
>> > +void sha256_finish(sha256_context *ctx, uint8_t digest[SHA256_SUM_LEN])
>> > +{
>> > +     mbedtls_sha256_finish(ctx, digest);
>> > +     mbedtls_sha256_free(ctx);
>>
>> Patch #7 treats this differently and looks at the mbedtls_sha256_finish()
>> result (for all hashing algos). I think this one is correct and the other
>> one needs fixing
>>
> The difference is just due to different API prototypes to be ported - one returns void while
> the other returns int. According to this difference I decided to check the result of
> mbedtls_sha256_finish() or not.

You have to call free regardless of the result of the finish function
though. So patch #7 might leak some contents

/Ilias
>
> [snip]
>
> Regards,
> Raymond


More information about the U-Boot mailing list