Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type
mbedtls_md_info const *
whose valid values represent implementations of message digest algorithms.
Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.
This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.
The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index 3d8d02a..00e752b 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -75,7 +75,7 @@
*/
typedef struct mbedtls_ecjpake_context
{
- const mbedtls_md_info_t *md_info; /**< Hash to use */
+ mbedtls_md_handle_t md_info; /**< Hash to use */
mbedtls_ecp_group grp; /**< Elliptic curve */
mbedtls_ecjpake_role role; /**< Are we client or server? */
int point_format; /**< Format for point export */
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index 40ee64e..ebf5e12 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -70,7 +70,7 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
+int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len );
@@ -99,7 +99,7 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
+int mbedtls_hkdf_extract( mbedtls_md_handle_t md,
const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len,
unsigned char *prk );
@@ -130,7 +130,7 @@
* \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
* MD layer.
*/
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
+int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk,
size_t prk_len, const unsigned char *info,
size_t info_len, unsigned char *okm, size_t okm_len );
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index f1289cb..ed03854 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -138,7 +138,7 @@
* MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
+ mbedtls_md_handle_t md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
@@ -158,7 +158,7 @@
* MBEDTLS_ERR_MD_ALLOC_FAILED.
*/
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
+ mbedtls_md_handle_t md_info,
const unsigned char *data, size_t data_len );
/**
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 69ab21f..40624e4 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -85,13 +85,17 @@
*/
typedef struct mbedtls_md_info_t mbedtls_md_info_t;
+
+typedef struct mbedtls_md_info_t const * mbedtls_md_handle_t;
+#define MBEDTLS_MD_INVALID_HANDLE ( (mbedtls_md_handle_t) NULL )
+
/**
* The generic message-digest context.
*/
typedef struct mbedtls_md_context_t
{
/** Information about the associated message digest. */
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
/** The digest-specific context. */
void *md_ctx;
@@ -120,7 +124,7 @@
* \return The message-digest information associated with \p md_name.
* \return NULL if the associated message-digest information is not found.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name );
/**
* \brief This function returns the message-digest information
@@ -131,7 +135,7 @@
* \return The message-digest information associated with \p md_type.
* \return NULL if the associated message-digest information is not found.
*/
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
/**
* \brief This function initializes a message-digest context without
@@ -182,7 +186,7 @@
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info ) MBEDTLS_DEPRECATED;
#undef MBEDTLS_DEPRECATED
#endif /* MBEDTLS_DEPRECATED_REMOVED */
@@ -205,7 +209,7 @@
* failure.
* \return #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
*/
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac );
/**
* \brief This function clones the state of an message-digest
@@ -238,7 +242,7 @@
*
* \return The size of the message-digest output in Bytes.
*/
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info );
/**
* \brief This function extracts the message-digest type from the
@@ -249,7 +253,7 @@
*
* \return The type of the message digest.
*/
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info );
/**
* \brief This function extracts the message-digest name from the
@@ -260,7 +264,7 @@
*
* \return The name of the message digest.
*/
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info );
/**
* \brief This function starts a message-digest computation.
@@ -333,7 +337,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen,
unsigned char *output );
#if defined(MBEDTLS_FS_IO)
@@ -354,7 +358,7 @@
* the file pointed by \p path.
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
*/
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
+int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path,
unsigned char *output );
#endif /* MBEDTLS_FS_IO */
@@ -460,7 +464,7 @@
* \return #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
* failure.
*/
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
+int mbedtls_md_hmac( mbedtls_md_handle_t md_info, const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output );