From c1c479fbe9f0e7aac39e9b2d821e24580405156a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 6 May 2021 00:53:22 +0200 Subject: [PATCH] Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed Signed-off-by: TRodziewicz --- ChangeLog.d/issue4282.txt | 13 +++- configs/config-psa-crypto.h | 6 -- ...move_deprecated_functions_and_constants.md | 64 +++++++++++++++++++ include/mbedtls/config.h | 10 +-- library/ecdsa.c | 4 +- tests/suites/test_suite_cipher.function | 5 -- 6 files changed, 80 insertions(+), 22 deletions(-) create mode 100644 docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md diff --git a/ChangeLog.d/issue4282.txt b/ChangeLog.d/issue4282.txt index 27d9a281a..685f64df4 100644 --- a/ChangeLog.d/issue4282.txt +++ b/ChangeLog.d/issue4282.txt @@ -1,2 +1,13 @@ Removals - * Remove deprecated functions and constants. Fix #4282 + * Remove the following deprecated functions and constants of hex-encoded + primes based on RFC 5114 and RFC 3526 from library code and tests: + mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(), + mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(), + mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(), + mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(), + mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(), + MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G, + MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G, + MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G, + MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G. + Remove the deprecated file: include/mbedtls/net.h. Fixes #4282. diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 28292d42b..f6314ae1a 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h @@ -397,12 +397,6 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and - * mbedtls_internal_aes_encrypt must stay untouched. - * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES * tables. diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md new file mode 100644 index 000000000..8791649de --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md @@ -0,0 +1,64 @@ +Deprecated functions were removed from AES +------------------------------------------ + +The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were removed. +Please use `mbedtls_internal_aes_encrypt()` and `mbedtls_internal_aes_decrypt()` +respectively. + +Deprecated functions were removed from bignum +--------------------------------------------- + +The function `mbedtls_mpi_is_prime()` was removed. Please use +`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the +number of Miller-Rabin rounds. + +Deprecated functions were removed from cipher +--------------------------------------------- + +The functions `mbedtls_cipher_auth_encrypt()` and +`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by +`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` +respectively which additionally support key wrapping algorithms such as +NIST_KW. + +Deprecated functions were removed from DRBGs +-------------------------------------------- + +The functions `mbedtls_ctr_drbg_update()` and `mbedtls_hmac_drbg_update()` +were removed. They were superseded by `mbedtls_ctr_drbg_update_ret()` and +`mbedtls_hmac_drbg_update_ret()` respectively. + +Deprecated functions were removed from ECDSA +-------------------------------------------- + +The functions `mbedtls_ecdsa_write_signature_det()` and +`mbedtls_ecdsa_sign_det()` were removed. They were superseded by +`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()` +respectively. + +Deprecated functions were removed from SSL +------------------------------------------ + +The functions `mbedtls_ssl_conf_dh_param()` and +`mbedtls_ssl_get_max_frag_len()` were removed. Please use +`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` and +`mbedtls_ssl_get_output_max_frag_len()` instead. + + +Deprecated hex-encoded primes were removed from DHM +--------------------------------------------------- + +The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, +`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`, +`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`, +`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were +removed. The hex-encoded primes from RFC 5114 are deprecated because their +derivation is not documented and therefore their usage constitutes a security +risk. They are removed from the library without replacement. + +Deprecated net.h file was removed +--------------------------------- + +The file `include/mbedtls/net.h` was removed because its only function was to +include `mbedtls/net_sockets.h` which now should be included directly. + diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 53497b31a..e2b6b70da 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -421,12 +421,6 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and - * mbedtls_internal_aes_encrypt must stay untouched. - * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES * tables. @@ -445,9 +439,7 @@ * alternative implementations should use the RNG only for generating * the ephemeral key and nothing else. If this is not possible, then * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative - * implementation should be provided for mbedtls_ecdsa_sign_det_ext() - * (and for mbedtls_ecdsa_sign_det_ext() too if backward compatibility - * is desirable). + * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ //#define MBEDTLS_MD2_PROCESS_ALT diff --git a/library/ecdsa.c b/library/ecdsa.c index 630d5bdf3..18f4379c5 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -685,7 +685,9 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, ECDSA_VALIDATE_RET( hash != NULL ); ECDSA_VALIDATE_RET( sig != NULL ); ECDSA_VALIDATE_RET( slen != NULL ); - ECDSA_VALIDATE_RET( f_rng != NULL ); + + if( f_rng == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 463f58dc7..3d3f6a329 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1008,11 +1008,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, * of AEAD decryption and AEAD encryption. Check that * this results in the expected plaintext, and that * decryption and encryption are inverse to one another. - * - * Do that twice: - * - once with legacy functions auth_decrypt/auth_encrypt - * - once with new functions auth_decrypt_ext/auth_encrypt_ext - * This allows testing both without duplicating test cases. */ int ret;