Hi, On 07/02/18 20:22, Steffan Karger wrote: > - mbedtls_sha256(cert->tbs.p, cert->tbs.len, sha256_hash, false); > + if (0 != md_full(sha256_kt, cert->tbs.p, cert->tbs.len, sha256_hash))
Why not use mbedtls_sha256_ret() since we are already in
mbedtls-specific code here?
Any advantage in using a wrapper for another wrapper? :-P
(mbedtls_sha256_ret() is also the suggested replacement for
mbedtls_sha256())
Moreover, SHA256 is statically selected, therefore using
mbedtls_sha256_ret() would also avoid the md_kt_t local variable.
> + {
> + msg(M_WARN, "WARNING: failed to personalise random");
> + }
> +
Since we now have a reason for the failure, might it make sense to print a
proper description based on the return value? (even though I think
mbedtls_sha256_ret() can't really return something different from 0)
> if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
> {
> mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);
>
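Review bot: the failure branch of the new `if (0 != md_full(...))` check only logs a warning, so execution continues into the `memcmp(old_sha256_hash, sha256_hash, ...)` comparison and the `mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32)` call with whatever `sha256_hash` holds after a failed digest. Suggest returning early or putting the compare-and-update in an else branch, so the DRBG is only personalised with a hash that was actually computed. The definition of md_full is not in this hunk, so it is also worth confirming that a non-zero return really means failure, as the `0 !=` test assumes.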
Cheers,
--
Antonio Quartulli
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
