diff --git a/ChangeLog b/ChangeLog index 66a8ce92f..0ead78009 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,12 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Deprecate the ARIA error MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. + * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. + * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 483d4c299..c80c9fd26 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -39,6 +39,8 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ @@ -46,8 +48,12 @@ #define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ -#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ -#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */ + +#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used. */ @@ -106,7 +112,7 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); *
  • 192 bits
  • *
  • 256 bits
  • * - * \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + * \return \c 0 on success or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA * on failure. */ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, @@ -123,7 +129,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, *
  • 192 bits
  • *
  • 256 bits
  • * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure. + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA on failure. */ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 82b772ada..922d8f82e 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -33,6 +33,8 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_BLOWFISH_ENCRYPT 1 #define MBEDTLS_BLOWFISH_DECRYPT 0 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 @@ -40,14 +42,17 @@ #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ -#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ + +#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ -#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ - #ifdef __cplusplus extern "C" { #endif @@ -91,7 +96,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); * \param key encryption key * \param keybits must be between 32 and 448 bits * - * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA */ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, unsigned int keybits ); diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 1555867cf..0a02335ac 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -33,11 +33,17 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_CAMELLIA_ENCRYPT 1 #define MBEDTLS_CAMELLIA_DECRYPT 0 -#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ -#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ + +#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ @@ -86,7 +92,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * \param key encryption key * \param keybits must be 128, 192 or 256 * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -98,7 +104,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c * \param key decryption key * \param keybits must be 128, 192 or 256 * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -175,7 +181,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. */ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, int mode, diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 8e2d0208d..27e3753a4 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -353,15 +353,6 @@ int mbedtls_dhm_self_test( int verbose ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t; -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ - ( (mbedtls_deprecated_constant_t) ( VAL ) ) -#else -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL -#endif /* ! MBEDTLS_DEPRECATED_WARNING */ - /** * \warning The origin of the primes in RFC 5114 is not documented and * their use therefore constitutes a security risk! diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 8846f4504..b0e72ad14 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -102,6 +102,27 @@ void mbedtls_param_failed( const char *failure_condition, #endif /* MBEDTLS_CHECK_PARAMS */ +/* Internal helper macros for deprecating API constants. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here + * to avoid conflict with other headers which define and use + * it, too. We might want to move all these definitions here at + * some point for uniformity. */ +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ + ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) +MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ + ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) +#undef MBEDTLS_DEPRECATED +#else /* MBEDTLS_DEPRECATED_WARNING */ +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL +#endif /* MBEDTLS_DEPRECATED_WARNING */ +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + /** * \brief Securely zeroize a buffer * diff --git a/library/aria.c b/library/aria.c index ca9e147f0..6d87941c1 100644 --- a/library/aria.c +++ b/library/aria.c @@ -451,7 +451,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, uint32_t w[4][4], *w2; if( keybits != 128 && keybits != 192 && keybits != 256 ) - return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH ); + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); /* Copy key to W0 (and potential remainder to W1) */ GET_UINT32_LE( w[0][0], key, 0 ); diff --git a/library/blowfish.c b/library/blowfish.c index 5b6bb9885..b3448c20b 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -176,7 +176,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || ( keybits % 8 ) ) { - return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH ); + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); } keybits >>= 3; diff --git a/library/camellia.c b/library/camellia.c index 41b7da0fa..97c9f20d0 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -356,7 +356,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c case 128: ctx->nr = 3; idx = 0; break; case 192: case 256: ctx->nr = 4; idx = 1; break; - default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH ); + default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); } for( i = 0; i < keybits / 8; ++i ) diff --git a/library/error.c b/library/error.c index eabee9e21..3be4175cc 100644 --- a/library/error.c +++ b/library/error.c @@ -618,8 +618,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) ) @@ -672,17 +672,17 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index 1ba311f59..d4e8791c1 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -203,13 +203,13 @@ BLOWFISH-ECB Decrypt SSLeay reference #34 blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0 BLOWFISH-SETKEY Setkey SSLeay reference #1 -blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #2 -blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #3 -blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #4 blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0 @@ -281,7 +281,7 @@ BLOWFISH-SETKEY Setkey 448 bits blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0 BLOWFISH-SETKEY Setkey 456 bits -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CBC Encrypt blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0 diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index 14298387a..190632ed3 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -185,10 +185,10 @@ depends_on:MBEDTLS_CIPHER_MODE_CFB camellia_decrypt_cfb128:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"555FC3F34BDD2D54C62D9E3BF338C1C4":"F69F2445DF4F9B17AD2B417BE66C3710":"5953ADCE14DB8C7F39F1BD39F359BFFA" Camellia-ECB Encrypt (Invalid key length) -camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH +camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-ECB Decrypt (Invalid key length) -camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH +camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Encrypt (Invalid input length) camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH