From c0f7a8680fe1b1a5346058fca7b6af38352dbe15 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Mon, 19 Feb 2024 16:50:39 +0100
Subject: [PATCH] mbedtls_ecp_write_key(): deprecate the old function
Signed-off-by: Gilles Peskine
---
 ChangeLog.d/ecp_write_key.txt | 4 ++++
 include/mbedtls/ecp.h | 11 ++++++++---
 library/ecp.c | 2 ++
 tests/suites/test_suite_ecp.function | 6 +++++-
 4 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/ChangeLog.d/ecp_write_key.txt b/ChangeLog.d/ecp_write_key.txt
index 19612396c..73354c863 100644
--- a/ChangeLog.d/ecp_write_key.txt
+++ b/ChangeLog.d/ecp_write_key.txt
@@ -2,3 +2,7 @@ Features
 * The new function mbedtls_ecp_write_key_ext() is similar to mbedtls_ecp_write_key(), but can be used without separately calculating the output length.
+
+New deprecations
+ * mbedtls_ecp_write_key() is deprecated in favor of
+ mbedtls_ecp_write_key_ext().
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 58fc5e555..05778cdd1 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -24,6 +24,7 @@
 #include "mbedtls/private_access.h"
 #include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
 #include "mbedtls/bignum.h"
@@ -1327,10 +1328,11 @@ int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id,
 int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 const unsigned char *buf, size_t buflen);
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
 * \brief This function exports an elliptic curve private key.
 *
- * \note Note that although this function accepts an output
+ * \deprecated Note that although this function accepts an output
 * buffer that is smaller or larger than the key, most key
 * import interfaces require the output to have exactly
 * key's nominal length. It is generally simplest to
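Review bot: Re-tagging the existing buffer-sizing paragraph from `\note` to `\deprecated` makes the Doxygen deprecation entry open with the sizing caveat rather than with the deprecation itself; the sentence that actually says the function is deprecated is only appended at the end of that paragraph in the following hunk (`@@ -1340`). Consider keeping this paragraph as `\note` and adding a separate paragraph directly under `\brief`, e.g. `\deprecated mbedtls_ecp_write_key() is deprecated in favor of mbedtls_ecp_write_key_ext() and will be removed in a future version of the library.`, so the generated "Deprecated List" names the replacement first. The doc comment and the prototype it documents continue past the end of this hunk.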
@@ -1340,6 +1342,8 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 * how to calculate the nominal length.
 * To avoid this difficulty, use mbedtls_ecp_write_key_ext()
 * instead.
+ * mbedtls_ecp_write_key() is deprecated and will be
+ * removed in a future version of the library.
 *
 * \note If the private key was not set in \p key,
 * the output is unspecified. Future versions
@@ -1369,8 +1373,9 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
 * representation is larger than the available space in \p buf.
 * \return Another negative error code on different kinds of failure.
 */
-int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen);
+int MBEDTLS_DEPRECATED mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+ unsigned char *buf, size_t buflen);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief This function exports an elliptic curve private key.
diff --git a/library/ecp.c b/library/ecp.c
index 930102f97..0dadaeaac 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3302,6 +3302,7 @@ cleanup:
 /*
 * Write a private key.
 */
+#if !defined MBEDTLS_DEPRECATED_REMOVED
 int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
 unsigned char *buf, size_t buflen)
 {
@@ -3332,6 +3333,7 @@ cleanup:
 return ret;
 }
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
 int mbedtls_ecp_write_key_ext(mbedtls_ecp_keypair *key, size_t *olen,
 unsigned char *buf, size_t buflen)
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index ef0781bb7..9b5c86f97 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
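Review bot: Once `MBEDTLS_DEPRECATED` is on the prototype in `@@ -1369`, every remaining caller of mbedtls_ecp_write_key() inside the library will warn under MBEDTLS_DEPRECATED_WARNING (a hard failure with -Werror) and fail to link under MBEDTLS_DEPRECATED_REMOVED, yet nothing in this commit shows library-internal callers, if any, being moved to mbedtls_ecp_write_key_ext(). Worth confirming with a build that defines MBEDTLS_DEPRECATED_WARNING and one that defines MBEDTLS_DEPRECATED_REMOVED before merging. The `\note` about unspecified output when no private key is set is kept, which is right: the deprecated entry point keeps its old contract unchanged.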
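Review bot: The guard added to library/ecp.c at `@@ -3302` is spelled `#if !defined MBEDTLS_DEPRECATED_REMOVED`, while the matching guard this commit adds to include/mbedtls/ecp.h is `#if !defined(MBEDTLS_DEPRECATED_REMOVED)`; both are valid C, but the parenthesized form is the one the header uses, so `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` here keeps the two sides consistent and greppable as a pair. The `/* Write a private key. */` banner above the definition could also gain a line such as `Deprecated: use mbedtls_ecp_write_key_ext(); compiled out when MBEDTLS_DEPRECATED_REMOVED is defined.` so a reader of the .c file sees why the function is now conditional. The body of mbedtls_ecp_write_key() lies between this hunk and `@@ -3332` and is not visible here.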
@@ -1213,10 +1213,12 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
 TEST_MEMORY_COMPARE(in_key->x, in_key->len, buf, length);
+#if defined(MBEDTLS_TEST_DEPRECATED)
 memset(buf, 0, sizeof(buf));
 TEST_EQUAL(mbedtls_ecp_write_key(&key, buf, in_key->len), 0);
 TEST_MEMORY_COMPARE(in_key->x, in_key->len, buf, in_key->len);
+#endif /* MBEDTLS_TEST_DEPRECATED */
 } else {
 unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
 unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
@@ -1232,6 +1234,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
 TEST_MEMORY_COMPARE(export1, length1, export2, length2);
+#if defined(MBEDTLS_TEST_DEPRECATED)
 memset(export1, 0, sizeof(export1));
 memset(export2, 0, sizeof(export2));
 TEST_EQUAL(mbedtls_ecp_write_key(&key, export1, in_key->len), 0);
@@ -1240,6 +1243,7 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
 TEST_EQUAL(mbedtls_ecp_write_key(&key2, export2, in_key->len), 0);
 TEST_MEMORY_COMPARE(export1, in_key->len, export2, in_key->len);
+#endif /* MBEDTLS_TEST_DEPRECATED */
 }
 }
@@ -1249,7 +1253,7 @@ exit:
 }
 /* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_DEPRECATED */
 void ecp_write_key(int grp_id, data_t *in_key, int exported_size,
 int expected_ret)
 {
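Review bot: The `#if defined(MBEDTLS_TEST_DEPRECATED)` blocks added in `@@ -1213`, `@@ -1232` and `@@ -1240` carry no comment saying what they guard, and the second one opens in `@@ -1232` and closes in `@@ -1240`, so a reader has to cross hunks to pair them; a one-line comment at each opening, e.g. `/* Also round-trip through the deprecated mbedtls_ecp_write_key(); skipped when the build disables deprecated APIs for tests. */`, would make the intent explicit. Presumably MBEDTLS_TEST_DEPRECATED is defined by the test framework only when MBEDTLS_DEPRECATED_REMOVED is not set; if it is also left undefined under MBEDTLS_DEPRECATED_WARNING, the legacy-writer round-trip now runs in fewer configurations than before, which is worth checking against the CI matrix. The enclosing test function mbedtls_ecp_read_key starts before this hunk, and the ecp_write_key case that `@@ -1249` makes conditional continues past the end of the last hunk.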