diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 59d18b0347..c2c9dc9de4 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -115,7 +115,9 @@ defined(MBEDTLS_PK_C) || \ defined(MBEDTLS_PKCS12_C) || \ defined(MBEDTLS_RSA_C) || \ - defined(MBEDTLS_SSL_TLS_C) + defined(MBEDTLS_SSL_TLS_C) || \ + defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_X509_CREATE_C) #define MBEDTLS_MD_LIGHT #endif diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 64c24358ef..5fdecc6021 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -123,7 +123,7 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation( /* Translations for hashing. */ /* Note: this function should not be used from inside the library, use - * mbedtls_hash_info_psa_from_md() from the internal hash_info.h instead. + * mbedtls_md_psa_alg_from_type() from the internal hash_info.h instead. * It is kept only for compatibility in case applications were using it. */ static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg) { diff --git a/library/hash_info.c b/library/hash_info.c index 8daa4d0bc6..3a26251691 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -54,45 +54,3 @@ static const hash_entry hash_table[] = { #endif { PSA_ALG_NONE, MBEDTLS_MD_NONE, 0, 0 }, }; - -/* Get PSA from MD */ -psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->md_type != md_type) { - entry++; - } - - return entry->psa_alg; -} - -/* Get MD from PSA */ -mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg) -{ - const hash_entry *entry = hash_table; - while (entry->md_type != MBEDTLS_MD_NONE && - entry->psa_alg != psa_alg) { - entry++; - } - - return entry->md_type; -} - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_md_error_from_psa(psa_status_t status) -{ - switch (status) { - case PSA_SUCCESS: - return 0; - case PSA_ERROR_NOT_SUPPORTED: - return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE; - case PSA_ERROR_INVALID_ARGUMENT: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - case PSA_ERROR_INSUFFICIENT_MEMORY: - return MBEDTLS_ERR_MD_ALLOC_FAILED; - default: - return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; - } -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/hash_info.h b/library/hash_info.h index 1dd206e70c..26e60e4f8d 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -36,31 +36,4 @@ #include "psa/crypto.h" #include "mbedtls/platform_util.h" -/** Get the PSA alg from the MD type. - * - * \param md_type The hash MD type. - * - * \return The corresponding PSA algorithm identifier, - * or PSA_ALG_NONE if not known. - */ -psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type); - -/** Get the MD type alg from the PSA algorithm identifier. - * - * \param psa_alg The PSA hash algorithm. - * - * \return The corresponding MD type, - * or MBEDTLS_MD_NONE if not known. - */ -mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** Convert PSA status to MD error code. - * - * \param status PSA status. - * - * \return The corresponding MD error code, - */ -int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status); -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_HASH_INFO_H */ diff --git a/library/pk.c b/library/pk.c index d731d5b2d4..74a1ffae35 100644 --- a/library/pk.c +++ b/library/pk.c @@ -42,6 +42,7 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" +#include "md_psa.h" #endif #include @@ -567,7 +568,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, psa_status_t status = PSA_ERROR_DATA_CORRUPT; psa_status_t destruction_status = PSA_ERROR_DATA_CORRUPT; - psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t psa_sig_alg = PSA_ALG_RSA_PSS_ANY_SALT(psa_md_alg); @@ -735,7 +736,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, } #if defined(MBEDTLS_RSA_C) - psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 9170231d6f..1bafd1fa03 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -205,7 +205,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, int key_len; unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES]; psa_algorithm_t psa_alg_md = - PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); size_t rsa_len = mbedtls_rsa_get_len(rsa); if (md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len) { @@ -357,7 +357,7 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, ((void) p_rng); psa_algorithm_t psa_md_alg; - psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); if (psa_md_alg == 0) { return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } @@ -930,10 +930,10 @@ static int ecdsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, psa_status_t status; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = - PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); #else psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); #endif #if defined(MBEDTLS_PK_USE_PSA_EC_DATA) psa_ecc_family_t curve = pk->ec_family; @@ -1631,12 +1631,12 @@ static int pk_opaque_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg, #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - alg = PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); + alg = PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ #if defined(MBEDTLS_RSA_C) if (PSA_KEY_TYPE_IS_RSA(type)) { - alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_hash_info_psa_from_md(md_alg)); + alg = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg)); } else #endif /* MBEDTLS_RSA_C */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 85451bf649..7fb1063f0b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3610,7 +3610,7 @@ psa_status_t mbedtls_psa_sign_hash_start( operation->ctx->grp.nbits); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + operation->md_alg = mbedtls_md_type_from_psa_alg(hash_alg); operation->alg = alg; /* We only need to store the same length of hash as the private key size diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index f70d804b0f..bf2cae82b2 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -27,6 +27,7 @@ #include "psa_crypto_ecp.h" #include "psa_crypto_random_impl.h" #include "hash_info.h" +#include "md_psa.h" #include #include @@ -366,7 +367,7 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash( if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg); MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s, &ecp->d, hash, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 02cade2deb..bb8371a885 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -28,6 +28,7 @@ #include "psa_crypto_random_impl.h" #include "psa_crypto_rsa.h" #include "psa_crypto_hash.h" +#include "md_psa.h" #include #include @@ -318,7 +319,7 @@ static psa_status_t psa_rsa_decode_md_type(psa_algorithm_t alg, mbedtls_md_type_t *md_alg) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - *md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + *md_alg = mbedtls_md_type_from_psa_alg(hash_alg); /* The Mbed TLS RSA module uses an unsigned int for hash length * parameters. Validate that it fits so that we don't risk an @@ -527,7 +528,7 @@ static int psa_rsa_oaep_set_padding_mode(psa_algorithm_t alg, mbedtls_rsa_context *rsa) { psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH(alg); - mbedtls_md_type_t md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + mbedtls_md_type_t md_alg = mbedtls_md_type_from_psa_alg(hash_alg); return mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_alg); } diff --git a/library/rsa.c b/library/rsa.c index 3eb7cc0dcc..aa8cdf6a82 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -47,6 +47,7 @@ #include "constant_time_internal.h" #include "mbedtls/constant_time.h" #include "hash_info.h" +#include "md_psa.h" #include @@ -478,7 +479,7 @@ int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx, int padding, if ((padding == MBEDTLS_RSA_PKCS_V21) && (hash_id != MBEDTLS_MD_NONE)) { /* Just make sure this hash is supported in this build. */ - if (mbedtls_hash_info_psa_from_md(hash_id) == PSA_ALG_NONE) { + if (mbedtls_md_psa_alg_from_type(hash_id) == PSA_ALG_NONE) { return MBEDTLS_ERR_RSA_INVALID_PADDING; } } diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 9cef3fe79a..3d4466a978 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1966,10 +1966,10 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: return PSA_ALG_RSA_PKCS1V15_SIGN( - mbedtls_hash_info_psa_from_md(info->mac)); + mbedtls_md_psa_alg_from_type(info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - return PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(info->mac)); + return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type(info->mac)); case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 6d54300bc9..b51e91a122 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -114,7 +114,7 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, (void) f_rng; (void) p_rng; - alg = mbedtls_hash_info_psa_from_md(COOKIE_MD); + alg = mbedtls_md_psa_alg_from_type(COOKIE_MD); if (alg == 0) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c928ccda81..2a6242099f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -8292,9 +8292,9 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - mac_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + mac_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); if (mac_alg == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_hash_info_psa_from_md for %u not found", + MBEDTLS_SSL_DEBUG_MSG(1, ("mbedtls_md_psa_alg_from_type for %u not found", (unsigned) ciphersuite_info->mac)); return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } @@ -8741,7 +8741,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2(mbedtls_ssl_context *ssl, { psa_status_t status; psa_hash_operation_t hash_operation = PSA_HASH_OPERATION_INIT; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(md_alg); MBEDTLS_SSL_DEBUG_MSG(3, ("Perform PSA-based computation of digest of ServerKeyExchange")); @@ -8870,7 +8870,7 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg( #if defined(MBEDTLS_USE_PSA_CRYPTO) if (ssl->handshake->key_cert && ssl->handshake->key_cert->key) { psa_algorithm_t psa_hash_alg = - mbedtls_hash_info_psa_from_md(hash_alg_received); + mbedtls_md_psa_alg_from_type(hash_alg_received); if (sig_alg_received == MBEDTLS_SSL_SIG_ECDSA && !mbedtls_pk_can_do_ext(ssl->handshake->key_cert->key, diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index e347853818..937463d772 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -850,7 +850,7 @@ static int ssl_tls13_write_binder(mbedtls_ssl_context *ssl, /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa(hash_alg), + ssl, mbedtls_md_type_from_psa_alg(hash_alg), transcript, sizeof(transcript), &transcript_len); if (ret != 0) { return ret; diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index a00785b09b..de2ce32625 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -274,7 +274,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, goto error; } - hash_alg = mbedtls_hash_info_psa_from_md(md_alg); + hash_alg = mbedtls_md_psa_alg_from_type(md_alg); if (hash_alg == 0) { goto error; } @@ -1076,7 +1076,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, } /* Hash verify buffer with indicated hash function */ - psa_algorithm = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm = mbedtls_md_psa_alg_from_type(md_alg); status = psa_hash_compute(psa_algorithm, verify_buffer, verify_buffer_len, diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 46caa45d3e..74dbe48fbb 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -677,7 +677,7 @@ static int ssl_tls13_key_schedule_stage_application(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( handshake->ciphersuite_info->mac); /* @@ -792,7 +792,7 @@ int mbedtls_ssl_tls13_calculate_verify_data(mbedtls_ssl_context *ssl, mbedtls_md_type_t const md_type = ssl->handshake->ciphersuite_info->mac; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type( ssl->handshake->ciphersuite_info->mac); size_t const hash_len = PSA_HASH_LENGTH(hash_alg); @@ -1163,7 +1163,7 @@ static int ssl_tls13_generate_early_key(mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1291,7 +1291,7 @@ int mbedtls_ssl_tls13_key_schedule_stage_early(mbedtls_ssl_context *ssl) return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { ret = mbedtls_ssl_tls13_export_handshake_psk(ssl, &psk, &psk_len); @@ -1365,7 +1365,7 @@ static int ssl_tls13_generate_handshake_keys(mbedtls_ssl_context *ssl, md_type = ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); ret = mbedtls_ssl_get_handshake_transcript(ssl, md_type, @@ -1472,7 +1472,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params *handshake = ssl->handshake; - psa_algorithm_t const hash_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t const hash_alg = mbedtls_md_psa_alg_from_type( handshake->ciphersuite_info->mac); unsigned char *shared_secret = NULL; size_t shared_secret_len = 0; @@ -1608,7 +1608,7 @@ static int ssl_tls13_generate_application_keys( md_type = handshake->ciphersuite_info->mac; - hash_alg = mbedtls_hash_info_psa_from_md(handshake->ciphersuite_info->mac); + hash_alg = mbedtls_md_psa_alg_from_type(handshake->ciphersuite_info->mac); hash_len = PSA_HASH_LENGTH(hash_alg); /* Compute current handshake transcript. It's the caller's responsibility diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc3c2f070d..8403151218 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -332,7 +332,7 @@ static int ssl_tls13_offered_psks_check_binder_match( /* Get current state of handshake transcript. */ ret = mbedtls_ssl_get_handshake_transcript( - ssl, mbedtls_hash_info_md_from_psa(psk_hash_alg), + ssl, mbedtls_md_type_from_psa_alg(psk_hash_alg), transcript, sizeof(transcript), &transcript_len); if (ret != 0) { return ret; diff --git a/library/x509_crt.c b/library/x509_crt.c index 9b49a1b665..69c3c03481 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2064,7 +2064,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_hash_info_psa_from_md(crl_list->sig_md); + psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md); if (psa_hash_compute(psa_algorithm, crl_list->tbs.p, crl_list->tbs.len, @@ -2144,7 +2144,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, return -1; } #else - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(child->sig_md); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md); psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; status = psa_hash_compute(hash_alg, diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c89670aa45..a8ea945997 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -728,7 +728,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, /* Compute hash of CRT. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm = mbedtls_hash_info_psa_from_md(ctx->md_alg); + psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg); status = psa_hash_compute(psa_algorithm, c, diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 06f5c933bc..f4fad884af 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, mbedtls_pk_type_t pk_alg; #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_len; - psa_algorithm_t hash_alg = mbedtls_hash_info_psa_from_md(ctx->md_alg); + psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Write the CSR backwards starting from the end of buf */ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index efa7efe728..d1e3d9ce83 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -1209,7 +1209,7 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md1, 0x6, maclen); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = mbedtls_hash_info_psa_from_md(hash_id); + alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1501,7 +1501,7 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, } #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md( + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; psa_status_t status = psa_hash_compute( diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function index 55886fa7ae..35ed0430e5 100644 --- a/tests/suites/test_suite_constant_time_hmac.function +++ b/tests/suites/test_suite_constant_time_hmac.function @@ -36,7 +36,7 @@ void ssl_cf_hmac(int hash) USE_PSA_INIT(); #if defined(MBEDTLS_USE_PSA_CRYPTO) - alg = PSA_ALG_HMAC(mbedtls_hash_info_psa_from_md(hash)); + alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash)); out_len = PSA_HASH_LENGTH(alg); block_size = PSA_HASH_BLOCK_LENGTH(alg); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 65aa593a87..0adf1fc69e 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1491,7 +1491,7 @@ void pk_psa_wrap_sign_ext(int pk_type, int parameter, int key_pk_type, int md_al unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE]; unsigned char *pkey_start; unsigned char hash[PSA_HASH_MAX_SIZE]; - psa_algorithm_t psa_md_alg = mbedtls_hash_info_psa_from_md(md_alg); + psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg); psa_algorithm_t psa_alg; size_t hash_len = PSA_HASH_LENGTH(psa_md_alg); void const *options = NULL; diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 22525d2d63..be6a066fef 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -47,7 +47,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - psa_algorithm_t psa_alg = mbedtls_hash_info_psa_from_md(csr.sig_md); + psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type(csr.sig_md); size_t hash_size = 0; psa_status_t status = psa_hash_compute(psa_alg, csr.cri.p, csr.cri.len, hash, PSA_HASH_MAX_SIZE, &hash_size); @@ -270,7 +270,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info)); - md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type); + md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); mbedtls_pk_init(&key); @@ -428,7 +428,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, if (pk_wrap == 2) { psa_algorithm_t alg_psa, md_alg_psa; - md_alg_psa = mbedtls_hash_info_psa_from_md((mbedtls_md_type_t) md_type); + md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type); TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE); if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {