Add parameter validation to SHA-256 module
diff --git a/library/sha256.c b/library/sha256.c
index dbb4a89..2f19685 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -74,8 +74,14 @@
 } while( 0 )
 #endif
 
+#define MBEDTLS_SHA256_VALIDATE_RET(cond)                           \
+    MBEDTLS_VALIDATE_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, cond )
+#define MBEDTLS_SHA256_VALIDATE(cond)               MBEDTLS_VALIDATE( cond )
+
 void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
 {
+    MBEDTLS_SHA256_VALIDATE( ctx != NULL );
+
     memset( ctx, 0, sizeof( mbedtls_sha256_context ) );
 }
 
@@ -90,6 +96,9 @@
 void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
                            const mbedtls_sha256_context *src )
 {
+    MBEDTLS_SHA256_VALIDATE( dst != NULL );
+    MBEDTLS_SHA256_VALIDATE( src != NULL );
+
     *dst = *src;
 }
 
@@ -98,6 +107,8 @@
  */
 int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 )
 {
+    MBEDTLS_SHA256_VALIDATE( ctx != NULL );
+
     ctx->total[0] = 0;
     ctx->total[1] = 0;
 
@@ -192,6 +203,9 @@
     uint32_t A[8];
     unsigned int i;
 
+    MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL );
+    MBEDTLS_SHA256_VALIDATE_RET( (const unsigned char *)data != NULL );
+
     for( i = 0; i < 8; i++ )
         A[i] = ctx->state[i];
 
@@ -266,6 +280,9 @@
     if( ilen == 0 )
         return( 0 );
 
+    MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL );
+    MBEDTLS_SHA256_VALIDATE_RET( input != NULL );
+
     left = ctx->total[0] & 0x3F;
     fill = 64 - left;
 
@@ -321,6 +338,9 @@
     uint32_t used;
     uint32_t high, low;
 
+    MBEDTLS_SHA256_VALIDATE_RET( ctx != NULL );
+    MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
     /*
      * Add padding: 0x80 then 0x00 until 8 bytes remain for the length
      */
@@ -395,6 +415,9 @@
     int ret;
     mbedtls_sha256_context ctx;
 
+    MBEDTLS_SHA256_VALIDATE_RET( ilen == 0 || input != NULL );
+    MBEDTLS_SHA256_VALIDATE_RET( (unsigned char *)output != NULL );
+
     mbedtls_sha256_init( &ctx );
 
     if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 )