Merge pull request #7349 from mpg/rm-hash-info
Remove `hash_info` module
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 0917bf7..c2c9dc9 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -112,8 +112,12 @@
#if defined(MBEDTLS_ECJPAKE_C) || \
defined(MBEDTLS_PEM_PARSE_C) || \
defined(MBEDTLS_ENTROPY_C) || \
+ defined(MBEDTLS_PK_C) || \
defined(MBEDTLS_PKCS12_C) || \
- defined(MBEDTLS_RSA_C)
+ defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_SSL_TLS_C) || \
+ defined(MBEDTLS_X509_USE_C) || \
+ defined(MBEDTLS_X509_CREATE_C)
#define MBEDTLS_MD_LIGHT
#endif
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 7bad24d..44b76f4 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -151,6 +151,16 @@
MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
} mbedtls_md_type_t;
+/* Note: this should always be >= PSA_HASH_MAX_SIZE
+ * in all builds with both CRYPTO_C and MD_LIGHT.
+ *
+ * This is to make things easier for modules such as TLS that may define a
+ * buffer size using MD_MAX_SIZE in a part of the code that's common to PSA
+ * and legacy, then assume the buffer's size is PSA_HASH_MAX_SIZE in another
+ * part of the code based on PSA.
+ *
+ * Currently both macros have the same value, avoiding such issues.
+ */
#if defined(MBEDTLS_MD_CAN_SHA512)
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
#elif defined(MBEDTLS_MD_CAN_SHA384)
@@ -311,6 +321,20 @@
unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
/**
+ * \brief This function gives the message-digest size associated to
+ * message-digest type.
+ *
+ * \param md_type The message-digest type.
+ *
+ * \return The size of the message-digest output in Bytes,
+ * or 0 if the message-digest type is not known.
+ */
+static inline unsigned char mbedtls_md_get_size_from_type(mbedtls_md_type_t md_type)
+{
+ return mbedtls_md_get_size(mbedtls_md_info_from_type(md_type));
+}
+
+/**
* \brief This function extracts the message-digest type from the
* message-digest information structure.
*
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 64c2435..528c0ab 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -29,6 +29,8 @@
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
+
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "psa/crypto.h"
@@ -120,49 +122,6 @@
}
}
-/* Translations for hashing. */
-
-/* Note: this function should not be used from inside the library, use
- * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead.
- * It is kept only for compatibility in case applications were using it. */
-static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
-{
- switch (md_alg) {
-#if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
- case MBEDTLS_MD_MD5:
- return PSA_ALG_MD5;
-#endif
-#if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
- case MBEDTLS_MD_SHA1:
- return PSA_ALG_SHA_1;
-#endif
-#if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
- case MBEDTLS_MD_SHA224:
- return PSA_ALG_SHA_224;
-#endif
-#if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
- case MBEDTLS_MD_SHA256:
- return PSA_ALG_SHA_256;
-#endif
-#if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
- case MBEDTLS_MD_SHA384:
- return PSA_ALG_SHA_384;
-#endif
-#if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
- case MBEDTLS_MD_SHA512:
- return PSA_ALG_SHA_512;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
- case MBEDTLS_MD_RIPEMD160:
- return PSA_ALG_RIPEMD160;
-#endif
- case MBEDTLS_MD_NONE:
- return 0;
- default:
- return 0;
- }
-}
-
/* Translations for ECC. */
static inline int mbedtls_psa_get_ecc_oid_from_id(
@@ -369,7 +328,7 @@
int16_t mbedtls_error;
} mbedtls_error_pair_t;
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_MD_LIGHT)
extern const mbedtls_error_pair_t psa_to_md_errors[4];
#endif
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 75d6582..8cc965b 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -128,12 +128,23 @@
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
* HMAC-SHA3-512. */
-#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA_384)
+/* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE,
+ * see the note on MBEDTLS_MD_MAX_SIZE for details. */
+#if defined(PSA_WANT_ALG_SHA_512)
#define PSA_HASH_MAX_SIZE 64
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
-#else
+#elif defined(PSA_WANT_ALG_SHA_384)
+#define PSA_HASH_MAX_SIZE 48
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+#elif defined(PSA_WANT_ALG_SHA_256)
#define PSA_HASH_MAX_SIZE 32
#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#elif defined(PSA_WANT_ALG_SHA_224)
+#define PSA_HASH_MAX_SIZE 28
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+#else /* SHA-1 or smaller */
+#define PSA_HASH_MAX_SIZE 20
+#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
#endif
/** \def PSA_MAC_MAX_SIZE
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index a08f3ff..915c820 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -42,7 +42,6 @@
entropy_poll.c
error.c
gcm.c
- hash_info.c
hkdf.c
hmac_drbg.c
lmots.c
diff --git a/library/Makefile b/library/Makefile
index 51e7a15..01da1c9 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -107,7 +107,6 @@
entropy_poll.o \
error.o \
gcm.o \
- hash_info.o \
hkdf.o \
hmac_drbg.o \
lmots.o \
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 7d452bc..19ad2c6 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -30,8 +30,6 @@
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#include "hash_info.h"
-
#include <string.h>
#if !defined(MBEDTLS_ECJPAKE_ALT)
@@ -217,7 +215,7 @@
unsigned char *p = buf;
const unsigned char *end = buf + sizeof(buf);
const size_t id_len = strlen(id);
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
/* Write things to temporary buffer */
MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, G));
@@ -244,7 +242,7 @@
/* Turn it into an integer mod n */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(h, hash,
- mbedtls_hash_info_get_size(md_type)));
+ mbedtls_md_get_size_from_type(md_type)));
MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
cleanup:
@@ -780,7 +778,7 @@
unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes;
- *olen = mbedtls_hash_info_get_size(ctx->md_type);
+ *olen = mbedtls_md_get_size_from_type(ctx->md_type);
if (len < *olen) {
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
}
diff --git a/library/hash_info.c b/library/hash_info.c
deleted file mode 100644
index 37e44c6..0000000
--- a/library/hash_info.c
+++ /dev/null
@@ -1,122 +0,0 @@
-/*
- * Hash information that's independent from the crypto implementation.
- *
- * (See the corresponding header file for usage notes.)
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "hash_info.h"
-#include "mbedtls/error.h"
-
-typedef struct {
- psa_algorithm_t psa_alg;
- mbedtls_md_type_t md_type;
- unsigned char size;
- unsigned char block_size;
-} hash_entry;
-
-static const hash_entry hash_table[] = {
-#if defined(MBEDTLS_MD_CAN_MD5)
- { PSA_ALG_MD5, MBEDTLS_MD_MD5, 16, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_RIPEMD160)
- { PSA_ALG_RIPEMD160, MBEDTLS_MD_RIPEMD160, 20, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA1)
- { PSA_ALG_SHA_1, MBEDTLS_MD_SHA1, 20, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA224)
- { PSA_ALG_SHA_224, MBEDTLS_MD_SHA224, 28, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA256)
- { PSA_ALG_SHA_256, MBEDTLS_MD_SHA256, 32, 64 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA384)
- { PSA_ALG_SHA_384, MBEDTLS_MD_SHA384, 48, 128 },
-#endif
-#if defined(MBEDTLS_MD_CAN_SHA512)
- { PSA_ALG_SHA_512, MBEDTLS_MD_SHA512, 64, 128 },
-#endif
- { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 },
-};
-
-/* Get size from MD type */
-unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->md_type != md_type) {
- entry++;
- }
-
- return entry->size;
-}
-
-/* Get block size from MD type */
-unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->md_type != md_type) {
- entry++;
- }
-
- return entry->block_size;
-}
-
-/* Get PSA from MD */
-psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->md_type != md_type) {
- entry++;
- }
-
- return entry->psa_alg;
-}
-
-/* Get MD from PSA */
-mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg)
-{
- const hash_entry *entry = hash_table;
- while (entry->md_type != MBEDTLS_MD_NONE &&
- entry->psa_alg != psa_alg) {
- entry++;
- }
-
- return entry->md_type;
-}
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_error_from_psa(psa_status_t status)
-{
- switch (status) {
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INVALID_ARGUMENT:
- return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_MD_ALLOC_FAILED;
- default:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
-}
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
diff --git a/library/hash_info.h b/library/hash_info.h
deleted file mode 100644
index f984c82..0000000
--- a/library/hash_info.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * Hash information that's independent from the crypto implementation.
- *
- * This can be used by:
- * - code based on PSA
- * - code based on the legacy API
- * - code based on either of them depending on MBEDTLS_USE_PSA_CRYPTO
- * - code based on either of them depending on what's available
- *
- * Note: this internal module will go away when everything becomes based on
- * PSA Crypto; it is a helper for the transition while hash algorithms are
- * still represented using mbedtls_md_type_t in most places even when PSA is
- * used for the actual crypto computations.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef MBEDTLS_HASH_INFO_H
-#define MBEDTLS_HASH_INFO_H
-
-#include "common.h"
-
-#include "mbedtls/md.h"
-#include "psa/crypto.h"
-#include "mbedtls/platform_util.h"
-
-/** \def MBEDTLS_HASH_MAX_SIZE
- *
- * Maximum size of a hash based on configuration.
- */
-#if defined(MBEDTLS_MD_C) && ( \
- !defined(MBEDTLS_PSA_CRYPTO_C) || \
- MBEDTLS_MD_MAX_SIZE >= PSA_HASH_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE MBEDTLS_MD_MAX_SIZE
-#elif defined(MBEDTLS_PSA_CRYPTO_C) && ( \
- !defined(MBEDTLS_MD_C) || \
- PSA_HASH_MAX_SIZE >= MBEDTLS_MD_MAX_SIZE)
-#define MBEDTLS_HASH_MAX_SIZE PSA_HASH_MAX_SIZE
-#endif
-
-/** Get the output length of the given hash type from its MD type.
- *
- * \note To get the output length from the PSA alg, use \c PSA_HASH_LENGTH().
- *
- * \param md_type The hash MD type.
- *
- * \return The output length in bytes, or 0 if not known.
- */
-unsigned char mbedtls_hash_info_get_size(mbedtls_md_type_t md_type);
-
-/** Get the block size of the given hash type from its MD type.
- *
- * \note To get the output length from the PSA alg, use
- * \c PSA_HASH_BLOCK_LENGTH().
- *
- * \param md_type The hash MD type.
- *
- * \return The block size in bytes, or 0 if not known.
- */
-unsigned char mbedtls_hash_info_get_block_size(mbedtls_md_type_t md_type);
-
-/** Get the PSA alg from the MD type.
- *
- * \param md_type The hash MD type.
- *
- * \return The corresponding PSA algorithm identifier,
- * or PSA_ALG_NONE if not known.
- */
-psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type);
-
-/** Get the MD type alg from the PSA algorithm identifier.
- *
- * \param psa_alg The PSA hash algorithm.
- *
- * \return The corresponding MD type,
- * or MBEDTLS_MD_NONE if not known.
- */
-mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg);
-
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-/** Convert PSA status to MD error code.
- *
- * \param status PSA status.
- *
- * \return The corresponding MD error code,
- */
-int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status);
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_HASH_INFO_H */
diff --git a/library/md.c b/library/md.c
index 306af72..0be1d7e 100644
--- a/library/md.c
+++ b/library/md.c
@@ -52,8 +52,13 @@
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#if defined(MBEDTLS_MD_SOME_PSA)
+#if defined(MBEDTLS_PSA_CRYPTO_C)
#include <psa/crypto.h>
+#include "md_psa.h"
+#include "mbedtls/psa_util.h"
+#endif
+
+#if defined(MBEDTLS_MD_SOME_PSA)
#include "psa_crypto_core.h"
#endif
@@ -65,6 +70,11 @@
#include <stdio.h>
#endif
+/* See comment above MBEDTLS_MD_MAX_SIZE in md.h */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE
+#error "Internal error: MBEDTLS_MD_MAX_SIZE < PSA_HASH_MAX_SIZE"
+#endif
+
#if defined(MBEDTLS_MD_CAN_MD5)
const mbedtls_md_info_t mbedtls_md5_info = {
"MD5",
@@ -210,20 +220,6 @@
return psa_can_do_hash(alg);
}
-
-static int mbedtls_md_error_from_psa(psa_status_t status)
-{
- switch (status) {
- case PSA_SUCCESS:
- return 0;
- case PSA_ERROR_NOT_SUPPORTED:
- return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
- case PSA_ERROR_INSUFFICIENT_MEMORY:
- return MBEDTLS_ERR_MD_ALLOC_FAILED;
- default:
- return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
- }
-}
#endif /* MBEDTLS_MD_SOME_PSA */
void mbedtls_md_init(mbedtls_md_context_t *ctx)
@@ -678,6 +674,87 @@
return md_info->type;
}
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type)
+{
+ switch (md_type) {
+#if defined(MBEDTLS_MD_CAN_MD5)
+ case MBEDTLS_MD_MD5:
+ return PSA_ALG_MD5;
+#endif
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+ case MBEDTLS_MD_RIPEMD160:
+ return PSA_ALG_RIPEMD160;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA1)
+ case MBEDTLS_MD_SHA1:
+ return PSA_ALG_SHA_1;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA224)
+ case MBEDTLS_MD_SHA224:
+ return PSA_ALG_SHA_224;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA256)
+ case MBEDTLS_MD_SHA256:
+ return PSA_ALG_SHA_256;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ case MBEDTLS_MD_SHA384:
+ return PSA_ALG_SHA_384;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA512)
+ case MBEDTLS_MD_SHA512:
+ return PSA_ALG_SHA_512;
+#endif
+ default:
+ return PSA_ALG_NONE;
+ }
+}
+
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg)
+{
+ switch (psa_alg) {
+#if defined(MBEDTLS_MD_CAN_MD5)
+ case PSA_ALG_MD5:
+ return MBEDTLS_MD_MD5;
+#endif
+#if defined(MBEDTLS_MD_CAN_RIPEMD160)
+ case PSA_ALG_RIPEMD160:
+ return MBEDTLS_MD_RIPEMD160;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA1)
+ case PSA_ALG_SHA_1:
+ return MBEDTLS_MD_SHA1;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA224)
+ case PSA_ALG_SHA_224:
+ return MBEDTLS_MD_SHA224;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA256)
+ case PSA_ALG_SHA_256:
+ return MBEDTLS_MD_SHA256;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA384)
+ case PSA_ALG_SHA_384:
+ return MBEDTLS_MD_SHA384;
+#endif
+#if defined(MBEDTLS_MD_CAN_SHA512)
+ case PSA_ALG_SHA_512:
+ return MBEDTLS_MD_SHA512;
+#endif
+ default:
+ return MBEDTLS_MD_NONE;
+ }
+}
+
+int mbedtls_md_error_from_psa(psa_status_t status)
+{
+ return PSA_TO_MBEDTLS_ERR_LIST(status, psa_to_md_errors,
+ psa_generic_status_to_mbedtls);
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+
/************************************************************************
* Functions above this separator are part of MBEDTLS_MD_LIGHT, *
* functions below are only available when MBEDTLS_MD_C is set. *
diff --git a/library/md_psa.h b/library/md_psa.h
new file mode 100644
index 0000000..6645c83
--- /dev/null
+++ b/library/md_psa.h
@@ -0,0 +1,60 @@
+/**
+ * Translation between MD and PSA identifiers (algorithms, errors).
+ *
+ * Note: this internal module will go away when everything becomes based on
+ * PSA Crypto; it is a helper for the transition period.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_MD_PSA_H
+#define MBEDTLS_MD_PSA_H
+
+#include "common.h"
+
+#include "mbedtls/md.h"
+#include "psa/crypto.h"
+
+/**
+ * \brief This function returns the PSA algorithm identifier
+ * associated with the given digest type.
+ *
+ * \param md_type The type of digest to search for.
+ *
+ * \return The PSA algorithm identifier associated with \p md_type.
+ * \return PSA_ALG_NONE if the algorithm is not supported.
+ */
+psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type);
+
+/**
+ * \brief This function returns the given digest type
+ * associated with the PSA algorithm identifier.
+ *
+ * \param psa_alg The PSA algorithm identifier to search for.
+ *
+ * \return The MD type associated with \p psa_alg.
+ * \return MBEDTLS_MD_NONE if the algorithm is not supported.
+ */
+mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg);
+
+/** Convert PSA status to MD error code.
+ *
+ * \param status PSA status.
+ *
+ * \return The corresponding MD error code,
+ */
+int mbedtls_md_error_from_psa(psa_status_t status);
+
+#endif /* MBEDTLS_MD_PSA_H */
diff --git a/library/pem.c b/library/pem.c
index aed4788..056c98c 100644
--- a/library/pem.c
+++ b/library/pem.c
@@ -29,7 +29,6 @@
#include "mbedtls/cipher.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
-#include "hash_info.h"
#include <string.h>
diff --git a/library/pk.c b/library/pk.c
index d30205c..91796de 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -25,8 +25,6 @@
#include "pkwrite.h"
#include "pk_internal.h"
-#include "hash_info.h"
-
#include "mbedtls/platform_util.h"
#include "mbedtls/error.h"
@@ -42,6 +40,7 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif
#include <limits.h>
@@ -418,7 +417,7 @@
return 0;
}
- *hash_len = mbedtls_hash_info_get_size(md_alg);
+ *hash_len = mbedtls_md_get_size_from_type(md_alg);
if (*hash_len == 0) {
return -1;
@@ -567,7 +566,7 @@
psa_status_t status = PSA_ERROR_DATA_CORRUPT;
psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT;
- psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg);
@@ -735,7 +734,7 @@
}
#if defined(MBEDTLS_RSA_C)
- psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (psa_md_alg == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 9170231..a4c2a3b 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -25,6 +25,7 @@
#include "pk_wrap.h"
#include "pk_internal.h"
#include "mbedtls/error.h"
+#include "md_psa.h"
/* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h"
@@ -47,7 +48,6 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
-#include "hash_info.h"
#if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
#include "mbedtls/asn1write.h"
@@ -205,7 +205,7 @@
int key_len;
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
psa_algorithm_t psa_alg_md =
- PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
+ PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
size_t rsa_len = mbedtls_rsa_get_len(rsa);
if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) {
@@ -357,7 +357,7 @@
((void) p_rng);
psa_algorithm_t psa_md_alg;
- psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (psa_md_alg == 0) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
@@ -930,10 +930,10 @@
psa_status_t status;
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
psa_algorithm_t psa_sig_md =
- PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+ PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
#else
psa_algorithm_t psa_sig_md =
- PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+ PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
#endif
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
psa_ecc_family_t curve = pk->ec_family;
@@ -1631,12 +1631,12 @@
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
- alg = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg));
+ alg = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg));
} else
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
#if defined(MBEDTLS_RSA_C)
if (PSA_KEY_TYPE_IS_RSA(type)) {
- alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg));
+ alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
} else
#endif /* MBEDTLS_RSA_C */
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 515d9e1..ce2dcf2 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -39,7 +39,6 @@
#include "mbedtls/des.h"
#endif
-#include "hash_info.h"
#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
@@ -290,7 +289,7 @@
unsigned char diversifier[128];
unsigned char salt_block[128], pwd_block[128], hash_block[128] = { 0 };
- unsigned char hash_output[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
unsigned char *p;
unsigned char c;
int use_password = 0;
@@ -314,7 +313,7 @@
use_password = (pwd && pwdlen != 0);
use_salt = (salt && saltlen != 0);
- hlen = mbedtls_hash_info_get_size(md_type);
+ hlen = mbedtls_md_get_size_from_type(md_type);
if (hlen <= 32) {
v = 64;
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 0f4baf1..94da981 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -44,7 +44,6 @@
#include "mbedtls/platform.h"
-#include "hash_info.h"
#include "mbedtls/psa_util.h"
#if defined(MBEDTLS_ASN1_PARSE_C)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 85451bf..399e7f3 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -82,7 +82,7 @@
#include "mbedtls/sha1.h"
#include "mbedtls/sha256.h"
#include "mbedtls/sha512.h"
-#include "hash_info.h"
+#include "md_psa.h"
#define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array)))
@@ -3610,7 +3610,7 @@
operation->ctx->grp.nbits);
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
operation->alg = alg;
/* We only need to store the same length of hash as the private key size
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index f70d804..4880208 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -26,7 +26,7 @@
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
#include "psa_crypto_random_impl.h"
-#include "hash_info.h"
+#include "md_psa.h"
#include <stdlib.h>
#include <string.h>
@@ -366,7 +366,7 @@
if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext(
&ecp->grp, &r, &s,
&ecp->d, hash,
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 3ff589d..ab93146 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -28,6 +28,7 @@
#include "psa_crypto_random_impl.h"
#include "psa_crypto_rsa.h"
#include "psa_crypto_hash.h"
+#include "md_psa.h"
#include <stdlib.h>
#include <string.h>
@@ -37,7 +38,6 @@
#include <mbedtls/error.h>
#include <mbedtls/pk.h>
#include "pk_wrap.h"
-#include "hash_info.h"
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
@@ -318,7 +318,7 @@
mbedtls_md_type_t *md_alg)
{
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- *md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ *md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
/* The Mbed TLS RSA module uses an unsigned int for hash length
* parameters. Validate that it fits so that we don't risk an
@@ -332,7 +332,7 @@
if (*md_alg == MBEDTLS_MD_NONE) {
return PSA_ERROR_NOT_SUPPORTED;
}
- if (mbedtls_hash_info_get_size(*md_alg) != hash_length) {
+ if (mbedtls_md_get_size_from_type(*md_alg) != hash_length) {
return PSA_ERROR_INVALID_ARGUMENT;
}
}
@@ -527,7 +527,7 @@
mbedtls_rsa_context *rsa)
{
psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg);
- mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
+ mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg);
return mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg);
}
diff --git a/library/psa_util.c b/library/psa_util.c
index 43a10a3..c354f34 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -33,7 +33,7 @@
/* PSA_SUCCESS is kept at the top of each error table since
* it's the most common status when everything functions properly. */
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_MD_LIGHT)
const mbedtls_error_pair_t psa_to_md_errors[] =
{
{ PSA_SUCCESS, 0 },
diff --git a/library/rsa.c b/library/rsa.c
index 87b3311..8126ae9 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -46,7 +46,7 @@
#include "mbedtls/error.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
-#include "hash_info.h"
+#include "md_psa.h"
#include <string.h>
@@ -478,7 +478,7 @@
if ((padding == MBEDTLS_RSA_PKCS_V21) &&
(hash_id != MBEDTLS_MD_NONE)) {
/* Just make sure this hash is supported in this build. */
- if (mbedtls_hash_info_psa_from_md(hash_id) == PSA_ALG_NONE) {
+ if (mbedtls_md_info_from_type(hash_id) == NULL) {
return MBEDTLS_ERR_RSA_INVALID_PADDING;
}
}
@@ -1076,7 +1076,7 @@
unsigned char *p;
unsigned int hlen;
size_t i, use_len;
- unsigned char mask[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char mask[MBEDTLS_MD_MAX_SIZE];
int ret = 0;
const mbedtls_md_info_t *md_info;
mbedtls_md_context_t md_ctx;
@@ -1229,7 +1229,7 @@
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+ hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1380,7 +1380,7 @@
size_t ilen, i, pad_len;
unsigned char *p, bad, pad_done;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
- unsigned char lhash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
/*
@@ -1396,7 +1396,7 @@
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
- hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+ hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1596,7 +1596,7 @@
if (md_alg != MBEDTLS_MD_NONE) {
/* Gather length of hash to sign */
- size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg);
+ size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
if (exp_hashlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1606,7 +1606,7 @@
}
}
- hlen = mbedtls_hash_info_get_size((mbedtls_md_type_t) ctx->hash_id);
+ hlen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) ctx->hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1744,7 +1744,7 @@
/* Are we signing hashed or raw data? */
if (md_alg != MBEDTLS_MD_NONE) {
- unsigned char md_size = mbedtls_hash_info_get_size(md_alg);
+ unsigned char md_size = mbedtls_md_get_size_from_type(md_alg);
if (md_size == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -1966,7 +1966,7 @@
size_t siglen;
unsigned char *p;
unsigned char *hash_start;
- unsigned char result[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char result[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
size_t observed_salt_len, msb;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { 0 };
@@ -1995,7 +1995,7 @@
if (md_alg != MBEDTLS_MD_NONE) {
/* Gather length of hash to sign */
- size_t exp_hashlen = mbedtls_hash_info_get_size(md_alg);
+ size_t exp_hashlen = mbedtls_md_get_size_from_type(md_alg);
if (exp_hashlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
@@ -2005,7 +2005,7 @@
}
}
- hlen = mbedtls_hash_info_get_size(mgf1_hash_id);
+ hlen = mbedtls_md_get_size_from_type(mgf1_hash_id);
if (hlen == 0) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
}
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 9cef3fe..793ec6a 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -28,6 +28,9 @@
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/ssl.h"
#include "ssl_misc.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "md_psa.h"
+#endif
#include <string.h>
@@ -1966,10 +1969,10 @@
case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
return PSA_ALG_RSA_PKCS1V15_SIGN(
- mbedtls_hash_info_psa_from_md(info->mac));
+ mbedtls_md_psa_alg_from_type(info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac));
+ return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac));
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 6d54300..ae7a420 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -36,6 +36,7 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
psa_generic_status_to_mbedtls)
@@ -114,7 +115,7 @@
(void) f_rng;
(void) p_rng;
- alg = mbedtls_hash_info_psa_from_md(COOKIE_MD);
+ alg = mbedtls_md_psa_alg_from_type(COOKIE_MD);
if (alg == 0) {
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 17149c5..2d6d7ba 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -30,7 +30,6 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
-#include "hash_info.h"
#endif
#if defined(MBEDTLS_MD_CAN_MD5)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c928ccd..f0067f4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -41,6 +41,7 @@
#include <string.h>
#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "md_psa.h"
#include "mbedtls/psa_util.h"
#include "psa/crypto.h"
#endif
@@ -843,11 +844,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
mbedtls_md_free(&ssl->handshake->fin_sha256);
@@ -868,11 +869,11 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
mbedtls_md_free(&ssl->handshake->fin_sha384);
@@ -910,7 +911,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
@@ -923,7 +924,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
if (status != PSA_SUCCESS) {
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
}
#else
ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
@@ -940,8 +941,8 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return PSA_TO_MD_ERR(psa_hash_update(
- &ssl->handshake->fin_sha256_psa, buf, len));
+ return mbedtls_md_error_from_psa(psa_hash_update(
+ &ssl->handshake->fin_sha256_psa, buf, len));
#else
return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len);
#endif
@@ -953,8 +954,8 @@
const unsigned char *buf, size_t len)
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- return PSA_TO_MD_ERR(psa_hash_update(
- &ssl->handshake->fin_sha384_psa, buf, len));
+ return mbedtls_md_error_from_psa(psa_hash_update(
+ &ssl->handshake->fin_sha384_psa, buf, len));
#else
return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len);
#endif
@@ -6626,7 +6627,7 @@
exit:
psa_hash_abort(&sha256_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha256;
@@ -6688,7 +6689,7 @@
exit:
psa_hash_abort(&sha384_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_md_context_t sha384;
@@ -7741,7 +7742,7 @@
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha256_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
mbedtls_md_free(&sha256);
return ret;
@@ -7830,7 +7831,7 @@
exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_hash_abort(&sha384_psa);
- return PSA_TO_MD_ERR(status);
+ return mbedtls_md_error_from_psa(status);
#else
mbedtls_md_free(&sha384);
return ret;
@@ -8292,9 +8293,9 @@
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- mac_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+ mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
if (mac_alg == 0) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_hash_info_psa_from_md for %u not found",
+ MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found",
(unsigned) ciphersuite_info->mac));
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
@@ -8741,7 +8742,7 @@
{
psa_status_t status;
psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT;
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange"));
@@ -8870,7 +8871,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) {
psa_algorithm_t psa_hash_alg =
- mbedtls_hash_info_psa_from_md(hash_alg_received);
+ mbedtls_md_psa_alg_from_type(hash_alg_received);
if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA &&
!mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key,
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 691fa62..fc96dae 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -50,8 +50,6 @@
#include "mbedtls/platform_util.h"
#endif
-#include "hash_info.h"
-
#if defined(MBEDTLS_SSL_RENEGOTIATION)
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl,
@@ -2291,7 +2289,7 @@
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
if (mbedtls_ssl_ciphersuite_uses_server_signature(ciphersuite_info)) {
size_t sig_len, hashlen;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
@@ -2408,7 +2406,7 @@
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
rsassa_pss_options.mgf1_hash_id = md_alg;
rsassa_pss_options.expected_salt_len =
- mbedtls_hash_info_get_size(md_alg);
+ mbedtls_md_get_size_from_type(md_alg);
if (rsassa_pss_options.expected_salt_len == 0) {
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 3b8710e..30c35f3 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -30,7 +30,6 @@
#include "mbedtls/platform_util.h"
#include "constant_time_internal.h"
#include "mbedtls/constant_time.h"
-#include "hash_info.h"
#include <string.h>
@@ -3081,7 +3080,7 @@
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index e347853..3dffc1d 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -33,6 +33,7 @@
#include "ssl_client.h"
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
@@ -672,7 +673,7 @@
ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(ciphersuite);
if (ciphersuite_info != NULL) {
- return mbedtls_psa_translate_md(ciphersuite_info->mac);
+ return mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
}
return PSA_ALG_NONE;
@@ -850,7 +851,7 @@
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
- ssl, mbedtls_hash_info_md_from_psa(hash_alg),
+ ssl, mbedtls_md_type_from_psa_alg(hash_alg),
transcript, sizeof(transcript), &transcript_len);
if (ret != 0) {
return ret;
@@ -1126,7 +1127,7 @@
return ret;
}
- if (mbedtls_psa_translate_md(ssl->handshake->ciphersuite_info->mac)
+ if (mbedtls_md_psa_alg_from_type(ssl->handshake->ciphersuite_info->mac)
!= hash_alg) {
MBEDTLS_SSL_DEBUG_MSG(
1, ("Invalid ciphersuite for external psk."));
@@ -2844,7 +2845,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac);
+ psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
if (hash_length == -1 ||
(size_t) hash_length > sizeof(session->resumption_key)) {
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index a00785b..a59f01c 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -29,7 +29,7 @@
#include "mbedtls/platform.h"
#include "mbedtls/constant_time.h"
#include "psa/crypto.h"
-#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#include "ssl_misc.h"
#include "ssl_tls13_invasive.h"
@@ -274,7 +274,7 @@
goto error;
}
- hash_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ hash_alg = mbedtls_md_psa_alg_from_type(md_alg);
if (hash_alg == 0) {
goto error;
}
@@ -1076,7 +1076,7 @@
}
/* Hash verify buffer with indicated hash function */
- psa_algorithm = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg);
status = psa_hash_compute(psa_algorithm,
verify_buffer,
verify_buffer_len,
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 46caa45..540f854 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -34,6 +34,7 @@
#include "ssl_tls13_invasive.h"
#include "psa/crypto.h"
+#include "md_psa.h"
#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
psa_to_ssl_errors, \
@@ -677,7 +678,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
handshake->ciphersuite_info->mac);
/*
@@ -792,7 +793,7 @@
mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac;
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(
ssl->handshake->ciphersuite_info->mac);
size_t const hash_len = PSA_HASH_LENGTH(hash_alg);
@@ -1163,7 +1164,7 @@
md_type = ciphersuite_info->mac;
- hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
@@ -1291,7 +1292,7 @@
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
- hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) {
ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len);
@@ -1365,7 +1366,7 @@
md_type = ciphersuite_info->mac;
- hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type,
@@ -1472,7 +1473,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ssl_handshake_params *handshake = ssl->handshake;
- psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type(
handshake->ciphersuite_info->mac);
unsigned char *shared_secret = NULL;
size_t shared_secret_len = 0;
@@ -1608,7 +1609,7 @@
md_type = handshake->ciphersuite_info->mac;
- hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac);
+ hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac);
hash_len = PSA_HASH_LENGTH(hash_alg);
/* Compute current handshake transcript. It's the caller's responsibility
@@ -1766,7 +1767,7 @@
}
ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
- mbedtls_psa_translate_md(md_type),
+ mbedtls_md_psa_alg_from_type(md_type),
handshake->tls13_master_secrets.app,
transcript, transcript_len,
&ssl->session_negotiate->app_secrets);
@@ -1781,7 +1782,7 @@
MBEDTLS_SSL_DEBUG_BUF(
4, "Resumption master secret",
ssl->session_negotiate->app_secrets.resumption_master_secret,
- PSA_HASH_LENGTH(mbedtls_psa_translate_md(md_type)));
+ PSA_HASH_LENGTH(mbedtls_md_psa_alg_from_type(md_type)));
MBEDTLS_SSL_DEBUG_MSG(
2, ("<= mbedtls_ssl_tls13_compute_resumption_master_secret"));
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index dc3c2f0..cf61191 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -25,6 +25,7 @@
#include "mbedtls/error.h"
#include "mbedtls/platform.h"
#include "mbedtls/constant_time.h"
+#include "md_psa.h"
#include "ssl_misc.h"
#include "ssl_tls13_keys.h"
@@ -332,7 +333,7 @@
/* Get current state of handshake transcript. */
ret = mbedtls_ssl_get_handshake_transcript(
- ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg),
+ ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg),
transcript, sizeof(transcript), &transcript_len);
if (ret != 0) {
return ret;
@@ -406,7 +407,7 @@
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
* Otherwise, client should reject.
*/
- if (psk_hash_alg == mbedtls_psa_translate_md(ciphersuite_info->mac)) {
+ if (psk_hash_alg == mbedtls_md_psa_alg_from_type(ciphersuite_info->mac)) {
*selected_ciphersuite = cipher_suite;
*selected_ciphersuite_info = ciphersuite_info;
return 0;
@@ -612,7 +613,7 @@
ret = ssl_tls13_offered_psks_check_binder_match(
ssl, binder, binder_len, psk_type,
- mbedtls_psa_translate_md(ciphersuite_info->mac));
+ mbedtls_md_psa_alg_from_type(ciphersuite_info->mac));
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
/* For security reasons, the handshake should be aborted when we
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
@@ -2783,7 +2784,7 @@
ciphersuite_info =
(mbedtls_ssl_ciphersuite_t *) ssl->handshake->ciphersuite_info;
- psa_hash_alg = mbedtls_psa_translate_md(ciphersuite_info->mac);
+ psa_hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac);
hash_length = PSA_HASH_LENGTH(psa_hash_alg);
if (hash_length == -1 ||
(size_t) hash_length > sizeof(session->resumption_key)) {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9c44ba6..9b3414a 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -47,8 +47,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "hash_info.h"
#include "x509_invasive.h"
#include "pk_internal.h"
@@ -2024,7 +2024,7 @@
const mbedtls_x509_crt_profile *profile)
{
int flags = 0;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_algorithm;
#else
@@ -2064,7 +2064,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm = mbedtls_hash_info_psa_from_md(crl_list->sig_md);
+ psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
if (psa_hash_compute(psa_algorithm,
crl_list->tbs.p,
crl_list->tbs.len,
@@ -2133,7 +2133,7 @@
mbedtls_x509_crt_restart_ctx *rs_ctx)
{
size_t hash_len;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
const mbedtls_md_info_t *md_info;
md_info = mbedtls_md_info_from_type(child->sig_md);
@@ -2144,7 +2144,7 @@
return -1;
}
#else
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(child->sig_md);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
status = psa_hash_compute(hash_alg,
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 274eb4b..59fd589 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -45,10 +45,9 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "hash_info.h"
-
#define CHECK_OVERFLOW_ADD(a, b) \
do \
{ \
@@ -569,7 +568,7 @@
unsigned char *c, *c2;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
size_t hash_length = 0;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_algorithm_t psa_algorithm;
@@ -728,7 +727,7 @@
/* Compute hash of CRT. */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg);
+ psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg);
status = psa_hash_compute(psa_algorithm,
c,
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index deb6617..d792d34 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -36,8 +36,8 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
+#include "md_psa.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#include "hash_info.h"
#include <string.h>
#include <stdlib.h>
@@ -243,13 +243,13 @@
const char *sig_oid;
size_t sig_oid_len = 0;
unsigned char *c, *c2;
- unsigned char hash[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char hash[MBEDTLS_MD_MAX_SIZE];
size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
size_t len = 0;
mbedtls_pk_type_t pk_alg;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
size_t hash_len;
- psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(ctx->md_alg);
+ psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg);
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* Write the CSR backwards starting from the end of buf */
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 572b6cb..2841691 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -36,7 +36,6 @@
#include <ssl_misc.h>
#include <mbedtls/timing.h>
#include <mbedtls/debug.h>
-#include "hash_info.h"
#include "test/certs.h"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 36d5fa4..7b0893b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -3836,7 +3836,7 @@
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -O1' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug"
- ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
}
component_build_arm_linux_gnueabi_gcc_arm5vte () {
@@ -3850,7 +3850,7 @@
make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te'
msg "size: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
- ${ARM_LINUX_GNUEABI_GCC_PREFIX}size library/*.o
+ ${ARM_LINUX_GNUEABI_GCC_PREFIX}size -t library/*.o
}
support_build_arm_linux_gnueabi_gcc_arm5vte () {
type ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc >/dev/null 2>&1
@@ -3865,7 +3865,7 @@
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" CFLAGS='-std=c99 -Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -march=armv5te -O1, baremetal+debug"
- ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
}
component_build_arm_none_eabi_gcc_m0plus () {
@@ -3874,7 +3874,7 @@
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra -mthumb -mcpu=cortex-m0plus -Os' lib
msg "size: ${ARM_NONE_EABI_GCC_PREFIX}gcc -mthumb -mcpu=cortex-m0plus -Os, baremetal_size"
- ${ARM_NONE_EABI_GCC_PREFIX}size library/*.o
+ ${ARM_NONE_EABI_GCC_PREFIX}size -t library/*.o
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index fbf9ea5..e8bbc78 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -21,6 +21,7 @@
*/
#include <test/ssl_helpers.h>
+#include "md_psa.h"
#if defined(MBEDTLS_SSL_TLS_C)
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@@ -1200,7 +1201,7 @@
mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type(hash_id);
CHK(md_info != NULL);
#endif
- maclen = mbedtls_hash_info_get_size(hash_id);
+ maclen = mbedtls_md_get_size_from_type(hash_id);
CHK(maclen != 0);
/* Pick hash keys */
CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
@@ -1209,7 +1210,7 @@
memset(md1, 0x6, maclen);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- alg = mbedtls_hash_info_psa_from_md(hash_id);
+ alg = mbedtls_md_psa_alg_from_type(hash_id);
CHK(alg != 0);
@@ -1501,7 +1502,7 @@
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(
+ psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(
MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE);
size_t hash_size = 0;
psa_status_t status = psa_hash_compute(
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 985d482..9ee372b 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -3,7 +3,7 @@
#include <mbedtls/constant_time.h>
#include <mbedtls/md.h>
#include <constant_time_internal.h>
-#include <hash_info.h>
+#include "md_psa.h"
#include <test/constant_flow.h>
/* END_HEADER */
@@ -28,7 +28,7 @@
size_t min_in_len, in_len, max_in_len, i;
/* TLS additional data is 13 bytes (hence the "lucky 13" name) */
unsigned char add_data[13];
- unsigned char ref_out[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
unsigned char *data = NULL;
unsigned char *out = NULL;
unsigned char rec_num = 0;
@@ -36,7 +36,7 @@
USE_PSA_INIT();
#if defined(MBEDTLS_USE_PSA_CRYPTO)
- alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(hash));
+ alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash));
out_len = PSA_HASH_LENGTH(alg);
block_size = PSA_HASH_BLOCK_LENGTH(alg);
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 60bb6c2..f16a6d4 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -1,6 +1,5 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdsa.h"
-#include "hash_info.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -15,7 +14,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
- unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_point_init(&Q);
@@ -47,7 +46,7 @@
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
mbedtls_test_rnd_pseudo_info rnd_info;
- unsigned char buf[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char buf[MBEDTLS_MD_MAX_SIZE];
mbedtls_ecp_group_init(&grp);
mbedtls_ecp_point_init(&Q);
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 65b0c03..7871140 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -9,8 +9,6 @@
#include "mbedtls/rsa.h"
#include "pk_internal.h"
-#include "hash_info.h"
-
#include <limits.h>
#include <stdint.h>
@@ -18,6 +16,7 @@
* but the test code generator requires test case data to be valid C code
* unconditionally (https://github.com/Mbed-TLS/mbedtls/issues/2023). */
#include "psa/crypto.h"
+#include "md_psa.h"
/* Used for properly sizing the key buffer in pk_genkey_ec() */
#include "mbedtls/psa_util.h"
@@ -1448,7 +1447,7 @@
size_t sig_len;
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
unsigned char hash[PSA_HASH_MAX_SIZE];
- size_t hash_len = mbedtls_hash_info_get_size(md_alg);
+ size_t hash_len = mbedtls_md_get_size_from_type(md_alg);
void const *options = NULL;
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
memset(hash, 0x2a, sizeof(hash));
@@ -1491,7 +1490,7 @@
unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
unsigned char *pkey_start;
unsigned char hash[PSA_HASH_MAX_SIZE];
- psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg);
+ psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
psa_algorithm_t psa_alg;
size_t hash_len = PSA_HASH_LENGTH(psa_md_alg);
void const *options = NULL;
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6f9e544..a8c714f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -7,8 +7,6 @@
#include <ssl_tls13_invasive.h>
#include <test/ssl_helpers.h>
-#include "hash_info.h"
-
#include <constant_time_internal.h>
#include <test/constant_flow.h>
@@ -1974,7 +1972,7 @@
data_t *transcript,
data_t *binder_expected)
{
- unsigned char binder[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char binder[MBEDTLS_MD_MAX_SIZE];
/* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
@@ -2108,7 +2106,7 @@
data_t *input,
data_t *expected)
{
- unsigned char secret_new[MBEDTLS_HASH_MAX_SIZE];
+ unsigned char secret_new[MBEDTLS_MD_MAX_SIZE];
PSA_INIT();
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index d93c171..ab4a2d0 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -7,8 +7,7 @@
#include "mbedtls/rsa.h"
#include "mbedtls/asn1write.h"
#include "mbedtls/pk.h"
-
-#include "hash_info.h"
+#include "md_psa.h"
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@@ -47,7 +46,7 @@
goto cleanup;
}
- psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md);
+ psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md);
size_t hash_size = 0;
psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len,
hash, PSA_HASH_MAX_SIZE, &hash_size);
@@ -59,7 +58,7 @@
}
if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
- csr.sig_md, hash, mbedtls_hash_info_get_size(csr.sig_md),
+ csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md),
csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;
goto cleanup;
@@ -270,7 +269,7 @@
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
+ md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
mbedtls_pk_init(&key);
@@ -428,7 +427,7 @@
if (pk_wrap == 2) {
psa_algorithm_t alg_psa, md_alg_psa;
- md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type);
+ md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {