Introduce MD handle type
As has been previously done for ciphersuites, this commit introduces
a zero-cost abstraction layer around the type
mbedtls_md_info const *
whose valid values represent implementations of message digest algorithms.
Access to a particular digest implementation can be requested by name or
digest ID through the API mbedtls_md_info_from_xxx(), which either returns
a valid implementation or NULL, representing failure.
This commit replaces such uses of `mbedtls_md_info const *` by an abstract
type `mbedtls_md_handle_t` whose valid values represent digest implementations,
and which has a designated invalid value MBEDTLS_MD_INVALID_HANDLE.
The purpose of this abstraction layer is to pave the way for builds which
support precisely one digest algorithm. In this case, mbedtls_md_handle_t
can be implemented as a two-valued type, with one value representing the
invalid handle, and the unique valid value representing the unique enabled
digest.
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 58e1a5f..94bb7f0 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -412,11 +412,14 @@
mbedtls_hmac_drbg_context *p_rng = &rng_ctx;
unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
size_t grp_len = ( grp->nbits + 7 ) / 8;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_mpi h;
- if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+ if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) ==
+ MBEDTLS_MD_INVALID_HANDLE )
+ {
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ }
mbedtls_mpi_init( &h );
mbedtls_hmac_drbg_init( &rng_ctx );
diff --git a/library/ecjpake.c b/library/ecjpake.c
index b276514..ea28e6d 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -63,7 +63,7 @@
{
ECJPAKE_VALIDATE( ctx != NULL );
- ctx->md_info = NULL;
+ ctx->md_info = MBEDTLS_MD_INVALID_HANDLE;
mbedtls_ecp_group_init( &ctx->grp );
ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
@@ -86,7 +86,7 @@
if( ctx == NULL )
return;
- ctx->md_info = NULL;
+ ctx->md_info = MBEDTLS_MD_INVALID_HANDLE;
mbedtls_ecp_group_free( &ctx->grp );
mbedtls_ecp_point_free( &ctx->Xm1 );
@@ -119,8 +119,11 @@
ctx->role = role;
- if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) == NULL )
+ if( ( ctx->md_info = mbedtls_md_info_from_type( hash ) ) ==
+ MBEDTLS_MD_INVALID_HANDLE )
+ {
return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+ }
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ctx->grp, curve ) );
@@ -140,7 +143,7 @@
{
ECJPAKE_VALIDATE_RET( ctx != NULL );
- if( ctx->md_info == NULL ||
+ if( ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
ctx->s.p == NULL )
{
@@ -190,7 +193,7 @@
/*
* Compute hash for ZKP (7.4.2.2.2.1)
*/
-static int ecjpake_hash( const mbedtls_md_info_t *md_info,
+static int ecjpake_hash( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@@ -240,7 +243,7 @@
/*
* Parse a ECShnorrZKP (7.4.2.2.2) and verify it (7.4.2.3.3)
*/
-static int ecjpake_zkp_read( const mbedtls_md_info_t *md_info,
+static int ecjpake_zkp_read( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@@ -312,7 +315,7 @@
/*
* Generate ZKP (7.4.2.3.2) and write it as ECSchnorrZKP (7.4.2.2.2)
*/
-static int ecjpake_zkp_write( const mbedtls_md_info_t *md_info,
+static int ecjpake_zkp_write( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@@ -373,7 +376,7 @@
* Parse a ECJPAKEKeyKP (7.4.2.2.1) and check proof
* Output: verified public key X
*/
-static int ecjpake_kkp_read( const mbedtls_md_info_t *md_info,
+static int ecjpake_kkp_read( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@@ -410,7 +413,7 @@
* Generate an ECJPAKEKeyKP
* Output: the serialized structure, plus private/public key pair
*/
-static int ecjpake_kkp_write( const mbedtls_md_info_t *md_info,
+static int ecjpake_kkp_write( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@@ -447,7 +450,7 @@
* Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs
* Ouputs: verified peer public keys Xa, Xb
*/
-static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info,
+static int ecjpake_kkpp_read( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
@@ -480,7 +483,7 @@
* Generate a ECJPAKEKeyKPPairList
* Outputs: the serialized structure, plus two private/public key pairs
*/
-static int ecjpake_kkpp_write( const mbedtls_md_info_t *md_info,
+static int ecjpake_kkpp_write( mbedtls_md_handle_t md_info,
const mbedtls_ecp_group *grp,
const int pf,
const mbedtls_ecp_point *G,
diff --git a/library/hkdf.c b/library/hkdf.c
index 82d8a42..d64dc4d 100644
--- a/library/hkdf.c
+++ b/library/hkdf.c
@@ -30,7 +30,7 @@
#include "mbedtls/hkdf.h"
#include "mbedtls/platform_util.h"
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
+int mbedtls_hkdf( mbedtls_md_handle_t md, const unsigned char *salt,
size_t salt_len, const unsigned char *ikm, size_t ikm_len,
const unsigned char *info, size_t info_len,
unsigned char *okm, size_t okm_len )
@@ -51,7 +51,7 @@
return( ret );
}
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
+int mbedtls_hkdf_extract( mbedtls_md_handle_t md,
const unsigned char *salt, size_t salt_len,
const unsigned char *ikm, size_t ikm_len,
unsigned char *prk )
@@ -81,7 +81,7 @@
return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
}
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
+int mbedtls_hkdf_expand( mbedtls_md_handle_t md, const unsigned char *prk,
size_t prk_len, const unsigned char *info,
size_t info_len, unsigned char *okm, size_t okm_len )
{
diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c
index 34f1815..c9c541d 100644
--- a/library/hmac_drbg.c
+++ b/library/hmac_drbg.c
@@ -124,7 +124,7 @@
* Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA)
*/
int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
+ mbedtls_md_handle_t md_info,
const unsigned char *data, size_t data_len )
{
int ret;
@@ -246,7 +246,7 @@
* from the entropy source as suggested in 8.6.7.
*/
int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
- const mbedtls_md_info_t * md_info,
+ mbedtls_md_handle_t md_info,
int (*f_entropy)(void *, unsigned char *, size_t),
void *p_entropy,
const unsigned char *custom,
@@ -564,7 +564,7 @@
{
mbedtls_hmac_drbg_context ctx;
unsigned char buf[OUTPUT_LEN];
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
+ mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
mbedtls_hmac_drbg_init( &ctx );
diff --git a/library/md.c b/library/md.c
index b3525be..d634606 100644
--- a/library/md.c
+++ b/library/md.c
@@ -94,7 +94,7 @@
return( supported_digests );
}
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name )
+mbedtls_md_handle_t mbedtls_md_info_from_string( const char *md_name )
{
if( NULL == md_name )
return( NULL );
@@ -137,7 +137,7 @@
return( NULL );
}
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
+mbedtls_md_handle_t mbedtls_md_info_from_type( mbedtls_md_type_t md_type )
{
switch( md_type )
{
@@ -187,7 +187,7 @@
void mbedtls_md_free( mbedtls_md_context_t *ctx )
{
- if( ctx == NULL || ctx->md_info == NULL )
+ if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return;
if( ctx->md_ctx != NULL )
@@ -206,8 +206,8 @@
int mbedtls_md_clone( mbedtls_md_context_t *dst,
const mbedtls_md_context_t *src )
{
- if( dst == NULL || dst->md_info == NULL ||
- src == NULL || src->md_info == NULL ||
+ if( dst == NULL || dst->md_info == MBEDTLS_MD_INVALID_HANDLE ||
+ src == NULL || src->md_info == MBEDTLS_MD_INVALID_HANDLE ||
dst->md_info != src->md_info )
{
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
@@ -219,15 +219,15 @@
}
#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info )
{
return mbedtls_md_setup( ctx, md_info, 1 );
}
#endif
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac )
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, mbedtls_md_handle_t md_info, int hmac )
{
- if( md_info == NULL || ctx == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE || ctx == NULL )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
if( ( ctx->md_ctx = md_info->ctx_alloc_func() ) == NULL )
@@ -250,7 +250,7 @@
int mbedtls_md_starts( mbedtls_md_context_t *ctx )
{
- if( ctx == NULL || ctx->md_info == NULL )
+ if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( ctx->md_info->starts_func( ctx->md_ctx ) );
@@ -258,7 +258,7 @@
int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
{
- if( ctx == NULL || ctx->md_info == NULL )
+ if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
@@ -266,23 +266,23 @@
int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output )
{
- if( ctx == NULL || ctx->md_info == NULL )
+ if( ctx == NULL || ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( ctx->md_info->finish_func( ctx->md_ctx, output ) );
}
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
+int mbedtls_md( mbedtls_md_handle_t md_info, const unsigned char *input, size_t ilen,
unsigned char *output )
{
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
return( md_info->digest_func( input, ilen, output ) );
}
#if defined(MBEDTLS_FS_IO)
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path, unsigned char *output )
+int mbedtls_md_file( mbedtls_md_handle_t md_info, const char *path, unsigned char *output )
{
int ret;
FILE *f;
@@ -290,7 +290,7 @@
mbedtls_md_context_t ctx;
unsigned char buf[1024];
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
if( ( f = fopen( path, "rb" ) ) == NULL )
@@ -329,8 +329,12 @@
unsigned char *ipad, *opad;
size_t i;
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+ if( ctx == NULL ||
+ ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
+ ctx->hmac_ctx == NULL )
+ {
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ }
if( keylen > (size_t) ctx->md_info->block_size )
{
@@ -371,8 +375,12 @@
int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen )
{
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+ if( ctx == NULL ||
+ ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
+ ctx->hmac_ctx == NULL )
+ {
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ }
return( ctx->md_info->update_func( ctx->md_ctx, input, ilen ) );
}
@@ -383,8 +391,12 @@
unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
unsigned char *opad;
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+ if( ctx == NULL ||
+ ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
+ ctx->hmac_ctx == NULL )
+ {
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ }
opad = (unsigned char *) ctx->hmac_ctx + ctx->md_info->block_size;
@@ -406,8 +418,12 @@
int ret;
unsigned char *ipad;
- if( ctx == NULL || ctx->md_info == NULL || ctx->hmac_ctx == NULL )
+ if( ctx == NULL ||
+ ctx->md_info == MBEDTLS_MD_INVALID_HANDLE ||
+ ctx->hmac_ctx == NULL )
+ {
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ }
ipad = (unsigned char *) ctx->hmac_ctx;
@@ -417,7 +433,7 @@
ctx->md_info->block_size ) );
}
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info,
+int mbedtls_md_hmac( mbedtls_md_handle_t md_info,
const unsigned char *key, size_t keylen,
const unsigned char *input, size_t ilen,
unsigned char *output )
@@ -425,7 +441,7 @@
mbedtls_md_context_t ctx;
int ret;
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
mbedtls_md_init( &ctx );
@@ -448,31 +464,34 @@
int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data )
{
- if( ctx == NULL || ctx->md_info == NULL )
+ if( ctx == NULL ||
+ ctx->md_info == MBEDTLS_MD_INVALID_HANDLE )
+ {
return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+ }
return( ctx->md_info->process_func( ctx->md_ctx, data ) );
}
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info )
+unsigned char mbedtls_md_get_size( mbedtls_md_handle_t md_info )
{
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( 0 );
return md_info->size;
}
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info )
+mbedtls_md_type_t mbedtls_md_get_type( mbedtls_md_handle_t md_info )
{
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_MD_NONE );
return md_info->type;
}
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info )
+const char *mbedtls_md_get_name( mbedtls_md_handle_t md_info )
{
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( NULL );
return md_info->name;
diff --git a/library/pk.c b/library/pk.c
index 161a135..93c5764 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -205,13 +205,16 @@
*/
static inline int pk_hashlen_helper( mbedtls_md_type_t md_alg, size_t *hash_len )
{
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
if( *hash_len != 0 )
return( 0 );
- if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+ if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) ==
+ MBEDTLS_MD_INVALID_HANDLE )
+ {
return( -1 );
+ }
*hash_len = mbedtls_md_get_size( md_info );
return( 0 );
diff --git a/library/pkcs11.c b/library/pkcs11.c
index 0ea6425..9ef5353 100644
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@@ -183,8 +183,8 @@
if( md_alg != MBEDTLS_MD_NONE )
{
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
+ mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
diff --git a/library/pkcs12.c b/library/pkcs12.c
index 7edf064..e16d0a9 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -261,7 +261,7 @@
size_t hlen, use_len, v, i;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
// This version only allows max of 64 bytes of password or salt
@@ -269,7 +269,7 @@
return( MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( md_type );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE );
mbedtls_md_init( &md_ctx );
diff --git a/library/pkcs5.c b/library/pkcs5.c
index 5013343..2717aaa 100644
--- a/library/pkcs5.c
+++ b/library/pkcs5.c
@@ -122,7 +122,7 @@
mbedtls_md_type_t md_type = MBEDTLS_MD_SHA1;
unsigned char key[32], iv[32];
size_t olen = 0;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
const mbedtls_cipher_info_t *cipher_info;
mbedtls_md_context_t md_ctx;
mbedtls_cipher_type_t cipher_alg;
@@ -157,7 +157,7 @@
}
md_info = mbedtls_md_info_from_type( md_type );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
@@ -356,14 +356,14 @@
int mbedtls_pkcs5_self_test( int verbose )
{
mbedtls_md_context_t sha1_ctx;
- const mbedtls_md_info_t *info_sha1;
+ mbedtls_md_handle_t info_sha1;
int ret, i;
unsigned char key[64];
mbedtls_md_init( &sha1_ctx );
info_sha1 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 );
- if( info_sha1 == NULL )
+ if( info_sha1 == MBEDTLS_MD_INVALID_HANDLE )
{
ret = 1;
goto exit;
diff --git a/library/rsa.c b/library/rsa.c
index af1a878..2674c10 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1128,7 +1128,7 @@
int ret;
unsigned char *p = output;
unsigned int hlen;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
@@ -1145,7 +1145,7 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
@@ -1326,7 +1326,7 @@
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
unsigned int hlen;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
@@ -1349,7 +1349,7 @@
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
@@ -1767,7 +1767,7 @@
size_t slen, min_slen, hlen, offset = 0;
int ret;
size_t msb;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
@@ -1789,14 +1789,14 @@
{
/* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hashlen = mbedtls_md_get_size( md_info );
}
md_info = mbedtls_md_info_from_type( (mbedtls_md_type_t) ctx->hash_id );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
@@ -1910,8 +1910,8 @@
/* Are we signing hashed or raw data? */
if( md_alg != MBEDTLS_MD_NONE )
{
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
+ mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
@@ -2150,7 +2150,7 @@
unsigned char zeros[8];
unsigned int hlen;
size_t observed_salt_len, msb;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
@@ -2186,14 +2186,14 @@
{
/* Gather length of hash to sign */
md_info = mbedtls_md_info_from_type( md_alg );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hashlen = mbedtls_md_get_size( md_info );
}
md_info = mbedtls_md_info_from_type( mgf1_hash_id );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
hlen = mbedtls_md_get_size( md_info );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e47c456..b17e33d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -660,7 +660,7 @@
const unsigned char *S1, *S2;
unsigned char tmp[128];
unsigned char h_i[20];
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
@@ -681,8 +681,11 @@
/*
* First compute P_md5(secret,label+random)[0..dlen]
*/
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) == NULL )
+ if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ) ) ==
+ MBEDTLS_MD_INVALID_HANDLE )
+ {
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
return( ret );
@@ -712,8 +715,11 @@
/*
* XOR out with P_sha1(secret,label+random)[0..dlen]
*/
- if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) == NULL )
+ if( ( md_info = mbedtls_md_info_from_type( MBEDTLS_MD_SHA1 ) ) ==
+ MBEDTLS_MD_INVALID_HANDLE )
+ {
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 1 ) ) != 0 )
return( ret );
@@ -763,14 +769,17 @@
size_t i, j, k, md_len;
unsigned char tmp[128];
unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_md_context_t md_ctx;
int ret;
mbedtls_md_init( &md_ctx );
- if( ( md_info = mbedtls_md_info_from_type( md_type ) ) == NULL )
+ if( ( md_info = mbedtls_md_info_from_type( md_type ) ) ==
+ MBEDTLS_MD_INVALID_HANDLE )
+ {
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
md_len = mbedtls_md_get_size( md_info );
@@ -1244,7 +1253,7 @@
unsigned keylen;
mbedtls_ssl_ciphersuite_handle_t ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
#if !defined(MBEDTLS_SSL_HW_RECORD_ACCEL) && \
!defined(MBEDTLS_SSL_EXPORT_KEYS) && \
@@ -1293,7 +1302,7 @@
md_info = mbedtls_md_info_from_type(
mbedtls_ssl_suite_get_mac( ciphersuite_info ) );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
mbedtls_ssl_suite_get_mac( ciphersuite_info ) ) );
@@ -3368,7 +3377,8 @@
memset( tmp, 0, sizeof( tmp ) );
- switch( mbedtls_md_get_type( transform->md_ctx_dec.md_info ) )
+ switch( mbedtls_md_get_type(
+ mbedtls_md_get_handle( &transform->md_ctx_dec ) ) )
{
#if defined(MBEDTLS_MD5_C) || defined(MBEDTLS_SHA1_C) || \
defined(MBEDTLS_SHA256_C)
@@ -6890,13 +6900,16 @@
ssl->session->peer_cert_digest;
mbedtls_md_type_t const peer_cert_digest_type =
ssl->session->peer_cert_digest_type;
- mbedtls_md_info_t const * const digest_info =
+ mbedtls_md_handle_t digest_info =
mbedtls_md_info_from_type( peer_cert_digest_type );
unsigned char tmp_digest[MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN];
size_t digest_len;
- if( peer_cert_digest == NULL || digest_info == NULL )
+ if( peer_cert_digest == NULL ||
+ digest_info == MBEDTLS_MD_INVALID_HANDLE )
+ {
return( -1 );
+ }
digest_len = mbedtls_md_get_size( digest_info );
if( digest_len > MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN )
@@ -10110,9 +10123,9 @@
if( session->peer_cert_digest_len != 0 )
{
- const mbedtls_md_info_t *md_info =
+ mbedtls_md_handle_t md_info =
mbedtls_md_info_from_type( session->peer_cert_digest_type );
- if( md_info == NULL )
+ if( md_info == MBEDTLS_MD_INVALID_HANDLE )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( session->peer_cert_digest_len != mbedtls_md_get_size( md_info ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -12484,7 +12497,7 @@
{
int ret = 0;
mbedtls_md_context_t ctx;
- const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
+ mbedtls_md_handle_t md_info = mbedtls_md_info_from_type( md_alg );
*hashlen = mbedtls_md_get_size( md_info );
mbedtls_md_init( &ctx );
diff --git a/library/x509.c b/library/x509.c
index 19cc64b..ec83017 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1065,7 +1065,7 @@
if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
{
const mbedtls_pk_rsassa_pss_options *pss_opts;
- const mbedtls_md_info_t *md_info, *mgf_md_info;
+ mbedtls_md_handle_t md_info, mgf_md_info;
pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0089ef2..2960638 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2088,7 +2088,7 @@
static int x509_crt_get_sig_info( mbedtls_x509_crt_frame const *frame,
mbedtls_x509_crt_sig_info *info )
{
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
md_info = mbedtls_md_info_from_type( frame->sig_md );
if( mbedtls_md( md_info, frame->tbs.p, frame->tbs.len,
@@ -2705,7 +2705,7 @@
int ret;
int flags = 0;
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
- const mbedtls_md_info_t *md_info;
+ mbedtls_md_handle_t md_info;
mbedtls_x509_buf_raw ca_subject;
mbedtls_pk_context *pk;
int can_sign;