From 18efb73743cd44d822034c29f8d12beb55e03eec Mon Sep 17 00:00:00 2001
From: TRodziewicz
Date: Thu, 29 Apr 2021 23:12:19 +0200
Subject: [PATCH 1/6] Remove deprecated functions and constants.
Signed-off-by: TRodziewicz
---
 ChangeLog.d/issue4282.txt | 2 +
 configs/config-psa-crypto.h | 4 +-
 include/mbedtls/aes.h | 38 ----
 include/mbedtls/bignum.h | 31 ---
 include/mbedtls/cipher.h | 127 +-----------
 include/mbedtls/compat-1.3.h | 14 --
 include/mbedtls/config.h | 8 +-
 include/mbedtls/ctr_drbg.h | 29 ---
 include/mbedtls/dhm.h | 155 --------------
 include/mbedtls/ecdsa.h | 121 +----------
 include/mbedtls/hmac_drbg.h | 24 ---
 include/mbedtls/net.h | 35 ----
 include/mbedtls/ssl.h | 54 -----
 library/aes.c | 18 --
 library/bignum.c | 20 --
 library/cipher.c | 56 +-----
 library/ctr_drbg.c | 15 +-
 library/ecdsa.c | 114 ++---------
 library/hmac_drbg.c | 9 -
 library/psa_crypto.c | 2 +-
 library/ssl_msg.c | 6 +-
 library/ssl_tls.c | 25 ---
 programs/test/cpp_dummy_build.cpp | 1 -
 scripts/data_files/rename-1.3-2.0.txt | 13 --
 tests/src/drivers/signature.c | 2 +-
 tests/suites/test_suite_cipher.function | 255 ------------------------
 visualc/VS2010/mbedTLS.vcxproj | 1 -
 27 files changed, 33 insertions(+), 1146 deletions(-)
 create mode 100644 ChangeLog.d/issue4282.txt
 delete mode 100644 include/mbedtls/net.h
diff --git a/ChangeLog.d/issue4282.txt b/ChangeLog.d/issue4282.txt
new file mode 100644
index 000000000..27d9a281a
--- /dev/null
+++ b/ChangeLog.d/issue4282.txt
@@ -0,0 +1,2 @@
+Removals
+ * Remove deprecated functions and constants. Fix #4282
diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h
index 5635e9891..91fee9779 100644
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@@ -400,8 +400,8 @@
  * \note Because of a signature change, the core AES encryption and decryption routines are
  * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
  * respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
+ * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and
+ * mbedtls_internal_aes_encrypt must stay untouched.
  *
  * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
  * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 052f47c9d..183367c71 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
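Review bot: The two `+` lines now tell an integrator to override `mbedtls_aes_internal_encrypt`/`_decrypt` while leaving `mbedtls_internal_aes_encrypt`/`_decrypt` untouched, which is the same pair of core routines (the `mbedtls_aes_internal_*` spelling in the preceding context line is a pre-existing typo; aes.h in this same patch declares them as `mbedtls_internal_aes_*`). The clause existed to protect the wrapper functions `mbedtls_aes_encrypt`/`mbedtls_aes_decrypt`, which this patch deletes, so renaming it produces a contradiction rather than guidance. This note is what tells an `MBEDTLS_AES_*_ALT` implementer which symbols to provide, so a wrong instruction here can lead to the wrong entry point being replaced; drop the clause and fix the names: `* currently named mbedtls_internal_aes_encrypt and mbedtls_internal_aes_decrypt,` / `* respectively. When setting up alternative implementations, these functions should` / `* be overridden.`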
@@ -617,44 +617,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
 const unsigned char input[16],
 unsigned char output[16] );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Deprecated internal AES block encryption function
- * without return value.
- *
- * \deprecated Superseded by mbedtls_internal_aes_encrypt()
- *
- * \param ctx The AES context to use for encryption.
- * \param input Plaintext block.
- * \param output Output (ciphertext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-/**
- * \brief Deprecated internal AES block decryption function
- * without return value.
- *
- * \deprecated Superseded by mbedtls_internal_aes_decrypt()
- *
- * \param ctx The AES context to use for decryption.
- * \param input Ciphertext block.
- * \param output Output (plaintext) block.
- */
-MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
-
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
-
 #if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief Checkup routine.
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 637360e30..073b4a40c 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -904,37 +904,6 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
 int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
 const mbedtls_mpi *N );
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief Perform a Miller-Rabin primality test with error
- * probability of 2-80.
- *
- * \deprecated Superseded by mbedtls_mpi_is_prime_ext() which allows
- * specifying the number of Miller-Rabin rounds.
- *
- * \param X The MPI to check for primality.
- * This must point to an initialized MPI.
- * \param f_rng The RNG function to use. This must not be \c NULL.
- * \param p_rng The RNG parameter to be passed to \p f_rng.
- * This may be \c NULL if \p f_rng doesn't use a
- * context parameter.
- *
- * \return \c 0 if successful, i.e. \p X is probably prime.
- * \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
- * \return #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
- * \return Another negative error code on other kinds of failure.
- */
-MBEDTLS_DEPRECATED int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
- int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
 /**
  * \brief Miller-Rabin primality test.
  *
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 1cafa6ec2..82e8c4158 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -470,8 +470,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
  * \param cipher_info The cipher to use.
  * \param taglen For AEAD ciphers, the length in bytes of the
  * authentication tag to use. Subsequent uses of
- * mbedtls_cipher_auth_encrypt() or
- * mbedtls_cipher_auth_decrypt() must provide
+ * mbedtls_cipher_auth_encrypt_ext() or
+ * mbedtls_cipher_auth_decrypt_ext() must provide
  * the same tag length.
  * For non-AEAD ciphers, the value must be \c 0.
  *
@@ -856,129 +856,6 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
 const unsigned char *input, size_t ilen,
 unsigned char *output, size_t *olen );
-#if defined(MBEDTLS_CIPHER_MODE_AEAD)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_WARNING */
-/**
- * \brief The generic authenticated encryption (AEAD) function.
- *
- * \deprecated Superseded by mbedtls_cipher_auth_encrypt_ext().
- *
- * \note This function only supports AEAD algorithms, not key
- * wrapping algorithms such as NIST_KW; for this, see
- * mbedtls_cipher_auth_encrypt_ext().
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key associated with an AEAD algorithm.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and must not be \c NULL.
- * \param iv_len The length of the nonce. This must satisfy the
- * constraints imposed by the AEAD cipher used.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p ilen Bytes, and must
- * not be \c NULL.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag The buffer for the authentication tag. This must be a
- * writable buffer of at least \p tag_len Bytes. See note
- * below regarding restrictions with PSA-based contexts.
- * \param tag_len The desired length of the authentication tag. This
- * must match the constraints imposed by the AEAD cipher
- * used, and in particular must not be \c 0.
- *
- * \note If the context is based on PSA (that is, it was set up
- * with mbedtls_cipher_setup_psa()), then it is required
- * that \c tag == output + ilen. That is, the tag must be
- * appended to the ciphertext as recommended by RFC 5116.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len )
- MBEDTLS_DEPRECATED;
-
-/**
- * \brief The generic authenticated decryption (AEAD) function.
- *
- * \deprecated Superseded by mbedtls_cipher_auth_decrypt_ext().
- *
- * \note This function only supports AEAD algorithms, not key
- * wrapping algorithms such as NIST_KW; for this, see
- * mbedtls_cipher_auth_decrypt_ext().
- *
- * \note If the data is not authentic, then the output buffer
- * is zeroed out to prevent the unauthentic plaintext being
- * used, making this interface safer.
- *
- * \param ctx The generic cipher context. This must be initialized and
- * bound to a key associated with an AEAD algorithm.
- * \param iv The nonce to use. This must be a readable buffer of
- * at least \p iv_len Bytes and must not be \c NULL.
- * \param iv_len The length of the nonce. This must satisfy the
- * constraints imposed by the AEAD cipher used.
- * \param ad The additional data to authenticate. This must be a
- * readable buffer of at least \p ad_len Bytes, and may
- * be \c NULL is \p ad_len is \c 0.
- * \param ad_len The length of \p ad.
- * \param input The buffer holding the input data. This must be a
- * readable buffer of at least \p ilen Bytes, and may be
- * \c NULL if \p ilen is \c 0.
- * \param ilen The length of the input data.
- * \param output The buffer for the output data. This must be a
- * writable buffer of at least \p ilen Bytes, and must
- * not be \c NULL.
- * \param olen This will be filled with the actual number of Bytes
- * written to the \p output buffer. This must point to a
- * writable object of type \c size_t.
- * \param tag The buffer for the authentication tag. This must be a
- * readable buffer of at least \p tag_len Bytes. See note
- * below regarding restrictions with PSA-based contexts.
- * \param tag_len The length of the authentication tag. This must match
- * the constraints imposed by the AEAD cipher used, and in
- * particular must not be \c 0.
- *
- * \note If the context is based on PSA (that is, it was set up
- * with mbedtls_cipher_setup_psa()), then it is required
- * that \c tag == input + len. That is, the tag must be
- * appended to the ciphertext as recommended by RFC 5116.
- *
- * \return \c 0 on success.
- * \return #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
- * parameter-verification failure.
- * \return #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
- * \return A cipher-specific error code on failure.
- */
-int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
- const unsigned char *iv, size_t iv_len,
- const unsigned char *ad, size_t ad_len,
- const unsigned char *input, size_t ilen,
- unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len )
- MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_CIPHER_MODE_AEAD */
-
 #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
 /**
  * \brief The authenticated encryption (AEAD/NIST_KW) function.
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index c42381210..00597f2cf 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -998,12 +998,6 @@
 #define POLARSSL_DECRYPT MBEDTLS_DECRYPT
 #define POLARSSL_DES_H MBEDTLS_DES_H
 #define POLARSSL_DHM_H MBEDTLS_DHM_H
-#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
-#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
-#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
-#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
-#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
-#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
 #define POLARSSL_ECDH_H MBEDTLS_ECDH_H
 #define POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS
 #define POLARSSL_ECDH_THEIRS MBEDTLS_ECDH_THEIRS
@@ -1786,8 +1780,6 @@
 #define ccm_free mbedtls_ccm_free
 #define ccm_init mbedtls_ccm_init
 #define ccm_self_test mbedtls_ccm_self_test
-#define cipher_auth_decrypt mbedtls_cipher_auth_decrypt
-#define cipher_auth_encrypt mbedtls_cipher_auth_encrypt
 #define cipher_base_t mbedtls_cipher_base_t
 #define cipher_check_tag mbedtls_cipher_check_tag
 #define cipher_context_t mbedtls_cipher_context_t
@@ -1831,7 +1823,6 @@
 #define ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len
 #define ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance
 #define ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval
-#define ctr_drbg_update mbedtls_ctr_drbg_update
 #define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
 #define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
 #define debug_print_buf mbedtls_debug_print_buf
@@ -1892,10 +1883,8 @@
 #define ecdsa_init mbedtls_ecdsa_init
 #define ecdsa_read_signature mbedtls_ecdsa_read_signature
 #define ecdsa_sign mbedtls_ecdsa_sign
-#define ecdsa_sign_det mbedtls_ecdsa_sign_det
 #define ecdsa_verify mbedtls_ecdsa_verify
 #define ecdsa_write_signature mbedtls_ecdsa_write_signature
-#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
 #define eckey_info mbedtls_eckey_info
 #define eckeydh_info mbedtls_eckeydh_info
 #define ecp_check_privkey mbedtls_ecp_check_privkey
@@ -1967,7 +1956,6 @@
 #define hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len
 #define hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance
 #define hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval
-#define hmac_drbg_update mbedtls_hmac_drbg_update
 #define hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file
 #define hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file
 #define hr_time mbedtls_timing_hr_time
@@ -2053,7 +2041,6 @@
 #define mpi_grow mbedtls_mpi_grow
 #define mpi_init mbedtls_mpi_init
 #define mpi_inv_mod mbedtls_mpi_inv_mod
-#define mpi_is_prime mbedtls_mpi_is_prime
 #define mpi_lsb mbedtls_mpi_lsb
 #define mpi_lset mbedtls_mpi_lset
 #define mpi_mod_int mbedtls_mpi_mod_int
@@ -2352,7 +2339,6 @@
 #define ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id
 #define ssl_set_curves mbedtls_ssl_conf_curves
 #define ssl_set_dbg mbedtls_ssl_conf_dbg
-#define ssl_set_dh_param mbedtls_ssl_conf_dh_param
 #define ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx
 #define ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay
 #define ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 46941e27f..e2a65e8b3 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -424,8 +424,8 @@
  * \note Because of a signature change, the core AES encryption and decryption routines are
  * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
  * respectively. When setting up alternative implementations, these functions should
- * be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
- * must stay untouched.
+ * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and
+ * mbedtls_internal_aes_encrypt must stay untouched.
  *
  * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
  * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
@@ -446,8 +446,8 @@
  * the ephemeral key and nothing else. If this is not possible, then
  * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
  * implementation should be provided for mbedtls_ecdsa_sign_det_ext()
- * (and for mbedtls_ecdsa_sign_det() too if backward compatibility is
- * desirable).
+ * (and for mbedtls_ecdsa_sign_det_ext() too if backward compatibility
+ * is desirable).
  *
  */
 //#define MBEDTLS_MD2_PROCESS_ALT
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 7f1d23253..b84ab83a5 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
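Review bot: In the first hunk, the two `+` lines now instruct an `MBEDTLS_AES_*_ALT` implementer to override `mbedtls_aes_internal_encrypt`/`_decrypt` but leave `mbedtls_internal_aes_encrypt`/`_decrypt` untouched, which after the pre-existing name typo in the preceding context line are the same two core routines (aes.h in this patch declares them as `mbedtls_internal_aes_*`). The sentence originally protected the wrapper functions `mbedtls_aes_encrypt`/`mbedtls_aes_decrypt`, which this patch removes, so the clause should be deleted rather than renamed; as written it can steer an alternative (e.g. hardware-backed) implementation at the wrong symbol. Suggested text: `* currently named mbedtls_internal_aes_encrypt and mbedtls_internal_aes_decrypt,` / `* respectively. When setting up alternative implementations, these functions should` / `* be overridden.`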
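Review bot: In the second hunk, the new parenthetical on the two `+` lines names `mbedtls_ecdsa_sign_det_ext()` a second time, so the note now reads "provide an alternative for X (and for X too if backward compatibility is desirable)". The old text referred to the deprecated `mbedtls_ecdsa_sign_det()`, which this patch deletes from ecdsa.h, so there is no longer a second function to keep compatible and the parenthetical should simply be dropped, ending the sentence at `* implementation should be provided for mbedtls_ecdsa_sign_det_ext().` This note is the side-channel guidance for `MBEDTLS_ECDSA_*_ALT` implementers about how the ephemeral key is handled, so it should name exactly the one function they have to replace.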
@@ -487,35 +487,6 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 int mbedtls_ctr_drbg_random( void *p_rng,
 unsigned char *output, size_t output_len );
-
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function updates the state of the CTR_DRBG context.
- *
- * \deprecated Superseded by mbedtls_ctr_drbg_update_ret()
- * in 2.16.0.
- *
- * \note If \p add_len is greater than
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT, only the first
- * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT Bytes are used.
- * The remaining Bytes are silently discarded.
- *
- * \param ctx The CTR_DRBG context.
- * \param additional The data to update the state with.
- * \param add_len Length of \p additional data.
- */
-MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
- mbedtls_ctr_drbg_context *ctx,
- const unsigned char *additional,
- size_t add_len );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
 #if defined(MBEDTLS_FS_IO)
 /**
  * \brief This function writes a seed file.
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index c7830b9ee..16dd1656e 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -386,161 +386,6 @@ int mbedtls_dhm_self_test( int verbose );
  *
  */
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
-
-/**
- * \warning The origin of the primes in RFC 5114 is not documented and
- * their use therefore constitutes a security risk!
- *
- * \deprecated The hex-encoded primes from RFC 5114 are deprecated and are
- * likely to be removed in a future version of the library without
- * replacement.
- */
-
-/**
- * The hexadecimal presentation of the prime underlying the
- * 2048-bit MODP Group with 224-bit Prime Order Subgroup, as defined
- * in RFC-5114: Additional Diffie-Hellman Groups for Use with
- * IETF Standards.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
- "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
- "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
- "9037C9EDEFDA4DF8D91E8FEF55B7394B7AD5B7D0B6C12207" \
- "C9F98D11ED34DBF6C6BA0B2C8BBC27BE6A00E0A0B9C49708" \
- "B3BF8A317091883681286130BC8985DB1602E714415D9330" \
- "278273C7DE31EFDC7310F7121FD5A07415987D9ADC0A486D" \
- "CDF93ACC44328387315D75E198C641A480CD86A1B9E587E8" \
- "BE60E69CC928B2B9C52172E413042E9B23F10B0E16E79763" \
- "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
- "CF9DE5384E71B81C0AC4DFFE0C10E64F" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group with 224-bit Prime Order Subgroup, as defined in RFC-5114:
- * Additional Diffie-Hellman Groups for Use with IETF Standards.
- */
-#define MBEDTLS_DHM_RFC5114_MODP_2048_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF" \
- "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA" \
- "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7" \
- "C17669101999024AF4D027275AC1348BB8A762D0521BC98A" \
- "E247150422EA1ED409939D54DA7460CDB5F6C6B250717CBE" \
- "F180EB34118E98D119529A45D6F834566E3025E316A330EF" \
- "BB77A86F0C1AB15B051AE3D428C8F8ACB70A8137150B8EEB" \
- "10E183EDD19963DDD9E263E4770589EF6AA21E7F5F2FF381" \
- "B539CCE3409D13CD566AFBB48D6C019181E1BCFE94B30269" \
- "EDFE72FE9B6AA4BD7B5A0F1C71CFFF4C19C418E1F6EC0179" \
- "81BC087F2A7065B384B890D3191F2BFA" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 2048-bit MODP
- * Group, as defined in RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE).
- *
- * \deprecated The hex-encoded primes from RFC 3625 are deprecated and
- * superseded by the corresponding macros providing them as
- * binary constants. Their hex-encoded constants are likely
- * to be removed in a future version of the library.
- *
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AACAA68FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 2048-bit MODP
- * Group, as defined in RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE).
- */
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 3072-bit MODP
- * Group, as defined in RFC-3072: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE).
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
- "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 3072-bit MODP
- * Group, as defined in RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE).
- */
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-/**
- * The hexadecimal presentation of the prime underlying the 4096-bit MODP
- * Group, as defined in RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE).
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( \
- "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
- "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
- "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
- "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" \
- "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" \
- "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" \
- "83655D23DCA3AD961C62F356208552BB9ED529077096966D" \
- "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" \
- "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" \
- "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
- "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" \
- "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" \
- "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" \
- "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" \
- "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
- "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" \
- "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" \
- "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" \
- "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" \
- "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" \
- "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" \
- "FFFFFFFFFFFFFFFF" )
-
-/**
- * The hexadecimal presentation of the chosen generator of the 4096-bit MODP
- * Group, as defined in RFC-3526: More Modular Exponential (MODP)
- * Diffie-Hellman groups for Internet Key Exchange (IKE).
- */
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G \
- MBEDTLS_DEPRECATED_STRING_CONSTANT( "02" )
-
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
 /*
  * Trustworthy DHM parameters in binary form
  */
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 264a638bb..525de5da1 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -138,7 +138,7 @@ int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
  * previously-hashed message.
  *
  * \note The deterministic version implemented in
- * mbedtls_ecdsa_sign_det() is usually preferred.
+ * mbedtls_ecdsa_sign_det_ext() is usually preferred.
  *
  * \note If the bitlength of the message hash is larger than the
  * bitlength of the group order, then the hash is truncated
@@ -174,67 +174,6 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 int (*f_rng)(void *, unsigned char *, size_t),
 void *p_rng );
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function computes the ECDSA signature of a
- * previously-hashed message, deterministic version.
- *
- * For more information, see RFC-6979: Deterministic
- * Usage of the Digital Signature Algorithm (DSA) and Elliptic
- * Curve Digital Signature Algorithm (ECDSA).
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \warning Since the output of the internal RNG is always the same for
- * the same key and message, this limits the efficiency of
- * blinding and leaks information through side channels. For
- * secure behavior use mbedtls_ecdsa_sign_det_ext() instead.
- *
- * (Optimally the blinding is a random value that is different
- * on every execution. In this case the blinding is still
- * random from the attackers perspective, but is the same on
- * each execution. This means that this blinding does not
- * prevent attackers from recovering secrets by combining
- * several measurement traces, but may prevent some attacks
- * that exploit relationships between secret data.)
- *
- * \see ecp.h
- *
- * \param grp The context for the elliptic curve to use.
- * This must be initialized and have group parameters
- * set, for example through mbedtls_ecp_group_load().
- * \param r The MPI context in which to store the first part
- * the signature. This must be initialized.
- * \param s The MPI context in which to store the second part
- * the signature. This must be initialized.
- * \param d The private signing key. This must be initialized
- * and setup, for example through mbedtls_ecp_gen_privkey().
- * \param buf The hashed content to be signed. This must be a readable
- * buffer of length \p blen Bytes. It may be \c NULL if
- * \p blen is zero.
- * \param blen The length of \p buf in Bytes.
- * \param md_alg The hash algorithm used to hash the original data.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
- * error code on failure.
- */
-int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
- mbedtls_mpi *s, const mbedtls_mpi *d,
- const unsigned char *buf, size_t blen,
- mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-
 /**
  * \brief This function computes the ECDSA signature of a
  * previously-hashed message, deterministic version.
@@ -421,64 +360,6 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
 void *p_rng,
 mbedtls_ecdsa_restart_ctx *rs_ctx );
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function computes an ECDSA signature and writes
- * it to a buffer, serialized as defined in RFC-4492:
- * Elliptic Curve Cryptography (ECC) Cipher Suites for
- * Transport Layer Security (TLS).
- *
- * The deterministic version is defined in RFC-6979:
- * Deterministic Usage of the Digital Signature Algorithm (DSA)
- * and Elliptic Curve Digital Signature Algorithm (ECDSA).
- *
- * \warning It is not thread-safe to use the same context in
- * multiple threads.
- *
- * \note If the bitlength of the message hash is larger than the
- * bitlength of the group order, then the hash is truncated as
- * defined in Standards for Efficient Cryptography Group
- * (SECG): SEC1 Elliptic Curve Cryptography, section
- * 4.1.3, step 5.
- *
- * \see ecp.h
- *
- * \deprecated Superseded by mbedtls_ecdsa_write_signature() in
- * Mbed TLS version 2.0 and later.
- *
- * \param ctx The ECDSA context to use. This must be initialized
- * and have a group and private key bound to it, for example
- * via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
- * \param hash The message hash to be signed. This must be a readable
- * buffer of length \p blen Bytes.
- * \param hlen The length of the hash \p hash in Bytes.
- * \param sig The buffer to which to write the signature. This must be a
- * writable buffer of length at least twice as large as the
- * size of the curve used, plus 9. For example, 73 Bytes if
- * a 256-bit curve is used. A buffer length of
- * #MBEDTLS_ECDSA_MAX_LEN is always safe.
- * \param slen The address at which to store the actual length of
- * the signature written. Must not be \c NULL.
- * \param md_alg The message digest that was used to hash the message.
- *
- * \return \c 0 on success.
- * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
- * \c MBEDTLS_ERR_ASN1_XXX error code on failure.
- */
-int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
- const unsigned char *hash, size_t hlen,
- unsigned char *sig, size_t *slen,
- mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
-#undef MBEDTLS_DEPRECATED
-#endif /* MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
-
 /**
  * \brief This function reads and verifies an ECDSA signature.
  *
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 91165415f..f8536e74e 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -345,30 +345,6 @@ int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len
  */
 void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
-#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-#else
-#define MBEDTLS_DEPRECATED
-#endif
-/**
- * \brief This function updates the state of the HMAC_DRBG context.
- *
- * \deprecated Superseded by mbedtls_hmac_drbg_update_ret()
- * in 2.16.0.
- *
- * \param ctx The HMAC_DRBG context.
- * \param additional The data to update the state with.
- * If this is \c NULL, there is no additional data.
- * \param add_len Length of \p additional in bytes.
- * Unused if \p additional is \c NULL.
- */
-MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
- mbedtls_hmac_drbg_context *ctx,
- const unsigned char *additional, size_t add_len );
-#undef MBEDTLS_DEPRECATED
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-
 #if defined(MBEDTLS_FS_IO)
 /**
  * \brief This function writes a seed file.
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
deleted file mode 100644
index 66921887d..000000000
--- a/include/mbedtls/net.h
+++ /dev/null
@@ -1,35 +0,0 @@ -/** - * \file net.h - * - * \brief Deprecated header file that includes net_sockets.h - * - * \deprecated Superseded by mbedtls/net_sockets.h - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -#include "mbedtls/net_sockets.h" -#if defined(MBEDTLS_DEPRECATED_WARNING) -#warning "Deprecated header file: Superseded by mbedtls/net_sockets.h" -#endif /* MBEDTLS_DEPRECATED_WARNING */ -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7815ad9d0..0413196fa 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -2914,34 +2914,6 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -#else -#define MBEDTLS_DEPRECATED -#endif - -/** - * \brief Set the Diffie-Hellman public P and G values, - * read as hexadecimal strings (server-side only) - * (Default values: MBEDTLS_DHM_RFC3526_MODP_2048_[PG]) - * - * \param conf SSL configuration - * \param dhm_P Diffie-Hellman-Merkle modulus - * \param dhm_G Diffie-Hellman-Merkle generator - * - * \deprecated Superseded by \c mbedtls_ssl_conf_dh_param_bin. - * - * \return 0 if successful - */ -MBEDTLS_DEPRECATED int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, - const char *dhm_P, - const char *dhm_G ); - -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the Diffie-Hellman public P and G values * from big-endian binary presentations. 
@@ -3741,32 +3713,6 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); * \return Current maximum fragment length for the output buffer. */ size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -#else -#define MBEDTLS_DEPRECATED -#endif - -/** - * \brief This function is a deprecated approach to getting the max - * fragment length. Its an alias for - * \c mbedtls_ssl_get_output_max_frag_len(), as the behaviour - * is the same. See \c mbedtls_ssl_get_output_max_frag_len() for - * more detail. - * - * \sa mbedtls_ssl_get_input_max_frag_len() - * \sa mbedtls_ssl_get_output_max_frag_len() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len( - const mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ /** diff --git a/library/aes.c b/library/aes.c index 3f616427a..165b9e731 100644 --- a/library/aes.c +++ b/library/aes.c @@ -921,15 +921,6 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - /* * AES-ECB block decryption */ 
@@ -994,15 +985,6 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ - /* * AES-ECB block encryption/decryption */ diff --git a/library/bignum.c b/library/bignum.c index 9cc5d66e3..aa9f0b1ee 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2691,26 +2691,6 @@ int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds, return( mpi_miller_rabin( &XX, rounds, f_rng, p_rng ) ); } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* - * Pseudo-primality test, error probability 2^-80 - */ -int mbedtls_mpi_is_prime( const mbedtls_mpi *X, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - MPI_VALIDATE_RET( X != NULL ); - MPI_VALIDATE_RET( f_rng != NULL ); - - /* - * In the past our key generation aimed for an error rate of at most - * 2^-80. Since this function is deprecated, aim for the same certainty - * here as well. - */ - return( mbedtls_mpi_is_prime_ext( X, 40, f_rng, p_rng ) ); -} -#endif - /* * Prime number generation * diff --git a/library/cipher.c b/library/cipher.c index 457f8f660..eab48b85f 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1288,8 +1288,8 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx, #if defined(MBEDTLS_CIPHER_MODE_AEAD) /* - * Packet-oriented encryption for AEAD modes: internal function shared by - * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). + * Packet-oriented encryption for AEAD modes: internal function used by + * mbedtls_cipher_auth_encrypt_ext(). */ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, 
@@ -1368,8 +1368,8 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx, } /* - * Packet-oriented encryption for AEAD modes: internal function shared by - * mbedtls_cipher_auth_encrypt() and mbedtls_cipher_auth_encrypt_ext(). + * Packet-oriented encryption for AEAD modes: internal function used by + * mbedtls_cipher_auth_encrypt_ext(). */ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, const unsigned char *iv, size_t iv_len, 
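Review bot: The rewritten comment above mbedtls_cipher_aead_decrypt names the wrong caller: it says the helper is "used by mbedtls_cipher_auth_encrypt_ext()", but this is the decryption helper and, after the legacy wrappers in the @@ -1468 hunk are removed, its only public entry point is mbedtls_cipher_auth_decrypt_ext() (the ssl_msg.c hunk refers to it by that name). It also still reads "Packet-oriented encryption", a wording error the commit carries over from the old line. Suggested text: `Packet-oriented decryption for AEAD modes: internal function used by` / `mbedtls_cipher_auth_decrypt_ext().` The body of mbedtls_cipher_aead_decrypt lies outside the hunk.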
@@ -1468,54 +1468,6 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx, return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); } - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* - * Packet-oriented encryption for AEAD modes: public legacy function. - */ -int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - unsigned char *tag, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - tag, tag_len ) ); -} - -/* - * Packet-oriented decryption for AEAD modes: public legacy function. - */ -int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, - const unsigned char *iv, size_t iv_len, - const unsigned char *ad, size_t ad_len, - const unsigned char *input, size_t ilen, - unsigned char *output, size_t *olen, - const unsigned char *tag, size_t tag_len ) -{ - CIPHER_VALIDATE_RET( ctx != NULL ); - CIPHER_VALIDATE_RET( iv_len == 0 || iv != NULL ); - CIPHER_VALIDATE_RET( ad_len == 0 || ad != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || input != NULL ); - CIPHER_VALIDATE_RET( ilen == 0 || output != NULL ); - CIPHER_VALIDATE_RET( olen != NULL ); - CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); - - return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len, - input, ilen, output, olen, - tag, tag_len ) ); -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_CIPHER_MODE_AEAD */ #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 3815dc7ca..f7998dbc7 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -309,7 +309,7 @@ exit: } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) - * mbedtls_ctr_drbg_update(ctx, additional, add_len) + * mbedtls_ctr_drbg_update_ret(ctx, additional, add_len) * implements * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string, * security_strength) -> initial_working_state @@ -340,19 +340,6 @@ exit: return( ret ); } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) -{ - /* MAX_INPUT would be more logical here, but we have to match - * block_cipher_df()'s limits since we can't propagate errors */ - if( add_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ) - add_len = MBEDTLS_CTR_DRBG_MAX_SEED_INPUT; - (void) mbedtls_ctr_drbg_update_ret( ctx, additional, add_len ); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /* CTR_DRBG_Reseed with derivation function (SP 800-90A §10.2.1.4.2) * mbedtls_ctr_drbg_reseed(ctx, additional, len, nonce_len) * implements diff --git a/library/ecdsa.c b/library/ecdsa.c index 22fb5e38d..dfdd0b46b 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -416,6 +416,9 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, #if defined(MBEDTLS_ECDSA_DETERMINISTIC) /* * Deterministic signature wrapper + * + * \note The f_rng_blind parameter must not be \c NULL. + * */ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, 
@@ -469,69 +472,9 @@ sign: ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, p_rng ); #else - if( f_rng_blind != NULL ) - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - f_rng_blind, p_rng_blind, rs_ctx ); - else - { - mbedtls_hmac_drbg_context *p_rng_blind_det; - -#if !defined(MBEDTLS_ECP_RESTARTABLE) - /* - * To avoid reusing rng_ctx and risking incorrect behavior we seed a - * second HMAC-DRBG with the same seed. We also apply a label to avoid - * reusing the bits of the ephemeral key for blinding and eliminate the - * risk that they leak this way. - */ - const char* blind_label = "BLINDING CONTEXT"; - mbedtls_hmac_drbg_context rng_ctx_blind; - - mbedtls_hmac_drbg_init( &rng_ctx_blind ); - p_rng_blind_det = &rng_ctx_blind; - mbedtls_hmac_drbg_seed_buf( p_rng_blind_det, md_info, - data, 2 * grp_len ); - ret = mbedtls_hmac_drbg_update_ret( p_rng_blind_det, - (const unsigned char*) blind_label, - strlen( blind_label ) ); - if( ret != 0 ) - { - mbedtls_hmac_drbg_free( &rng_ctx_blind ); - goto cleanup; - } -#else - /* - * In the case of restartable computations we would either need to store - * the second RNG in the restart context too or set it up at every - * restart. The first option would penalize the correct application of - * the function and the second would defeat the purpose of the - * restartable feature. - * - * Therefore in this case we reuse the original RNG. This comes with the - * price that the resulting signature might not be a valid deterministic - * ECDSA signature with a very low probability (same magnitude as - * successfully guessing the private key). However even then it is still - * a valid ECDSA signature. - */ - p_rng_blind_det = p_rng; -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - /* - * Since the output of the RNGs is always the same for the same key and - * message, this limits the efficiency of blinding and leaks information - * through side channels. 
After mbedtls_ecdsa_sign_det() is removed NULL - * won't be a valid value for f_rng_blind anymore. Therefore it should - * be checked by the caller and this branch and check can be removed. - */ - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - mbedtls_hmac_drbg_random, p_rng_blind_det, - rs_ctx ); - -#if !defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_hmac_drbg_free( &rng_ctx_blind ); -#endif - } + ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + f_rng_blind, p_rng_blind, rs_ctx ); #endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: @@ -544,26 +487,8 @@ cleanup: } /* - * Deterministic signature wrappers + * Deterministic signature wrapper */ - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, - mbedtls_mpi *s, const mbedtls_mpi *d, - const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) -{ - ECDSA_VALIDATE_RET( grp != NULL ); - ECDSA_VALIDATE_RET( r != NULL ); - ECDSA_VALIDATE_RET( s != NULL ); - ECDSA_VALIDATE_RET( d != NULL ); - ECDSA_VALIDATE_RET( buf != NULL || blen == 0 ); - - return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg, - NULL, NULL, NULL ) ); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, const mbedtls_mpi *d, const unsigned char *buf, size_t blen, @@ -750,10 +675,11 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r, s; - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); + ECDSA_VALIDATE_RET( ctx != NULL ); + ECDSA_VALIDATE_RET( hash != NULL ); + ECDSA_VALIDATE_RET( sig != NULL ); + ECDSA_VALIDATE_RET( slen != NULL ); + ECDSA_VALIDATE_RET( f_rng != NULL ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); 
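Review bot: With the `f_rng_blind == NULL` branch gone, ecdsa_sign_det_restartable forwards f_rng_blind to ecdsa_sign_restartable unconditionally, and the only record of the new precondition is the comment added in the @@ -416 hunk; the function's signature and the start of its body are outside this hunk. The @@ -750 hunk adds `ECDSA_VALIDATE_RET( f_rng != NULL );` to mbedtls_ecdsa_write_signature_restartable, but the series shows no matching check for f_rng_blind in mbedtls_ecdsa_sign_det_ext, whose parameter checks are outside the @@ -544 hunk; if one is not already there, add `ECDSA_VALIDATE_RET( f_rng_blind != NULL );` beside its other checks. These macros are compiled out when parameter validation is disabled, so a caller still passing NULL (as the removed mbedtls_ecdsa_sign_det and mbedtls_ecdsa_write_signature_det wrappers did) would then reach the blinding code with a NULL callback instead of the labelled fallback DRBG the removed code seeded; stating that f_rng_blind is now mandatory in the ecdsa.h documentation would make that contract explicit.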
@@ -803,22 +729,6 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, ctx, md_alg, hash, hlen, sig, slen, f_rng, p_rng, NULL ) ); } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && \ - defined(MBEDTLS_ECDSA_DETERMINISTIC) -int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx, - const unsigned char *hash, size_t hlen, - unsigned char *sig, size_t *slen, - mbedtls_md_type_t md_alg ) -{ - ECDSA_VALIDATE_RET( ctx != NULL ); - ECDSA_VALIDATE_RET( hash != NULL ); - ECDSA_VALIDATE_RET( sig != NULL ); - ECDSA_VALIDATE_RET( slen != NULL ); - return( mbedtls_ecdsa_write_signature( ctx, md_alg, hash, hlen, sig, slen, - NULL, NULL ) ); -} -#endif - /* * Read and check signature */ diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 25a022583..bd14b3cce 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -108,15 +108,6 @@ exit: return( ret ); } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ) -{ - (void) mbedtls_hmac_drbg_update_ret( ctx, additional, add_len ); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /* * Simplified HMAC_DRBG initialisation (for use with deterministic ECDSA) */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b7c459166..111fd59cc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3809,7 +3809,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa, #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) /* `ecp` cannot be const because `ecp->grp` needs to be non-const - * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det() + * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det_ext() * (even though these functions don't modify it). */ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, psa_algorithm_t alg, diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 72f09bb42..4a694f1f4 100644 
--- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -858,7 +858,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len, transform->taglen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt_ext", ret ); return( ret ); } MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", @@ -1414,7 +1414,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * explicit_iv_len Bytes preceeding data, and taglen * bytes following data + data_len. This justifies * the debug message and the invocation of - * mbedtls_cipher_auth_decrypt() below. */ + * mbedtls_cipher_auth_decrypt_ext() below. */ MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len, @@ -1430,7 +1430,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, data, rec->buf_len - (data - rec->buf), &olen, /* dst */ transform->taglen ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt_ext", ret ); if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ) return( MBEDTLS_ERR_SSL_INVALID_MAC ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 336cbea37..ecdbe8e81 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4532,24 +4532,6 @@ void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf, #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -int mbedtls_ssl_conf_dh_param( mbedtls_ssl_config *conf, const char *dhm_P, const char *dhm_G ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - - if( ( ret = mbedtls_mpi_read_string( &conf->dhm_P, 16, dhm_P ) ) != 0 || - ( ret = mbedtls_mpi_read_string( &conf->dhm_G, 16, dhm_G ) ) != 0 ) - { - mbedtls_mpi_free( &conf->dhm_P ); - mbedtls_mpi_free( &conf->dhm_G ); - return( ret ); - } - - return( 0 ); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf, const unsigned char *dhm_P, size_t P_len, const unsigned char *dhm_G, size_t G_len ) @@ -5084,13 +5066,6 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ) return( max_len ); } - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -size_t mbedtls_ssl_get_max_frag_len( const mbedtls_ssl_context *ssl ) -{ - return mbedtls_ssl_get_output_max_frag_len( ssl ); -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index db756a156..9e32a0ee9 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -64,7 +64,6 @@ #include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/md_internal.h" -#include "mbedtls/net.h" #include "mbedtls/net_sockets.h" #include "mbedtls/nist_kw.h" #include "mbedtls/oid.h" diff --git a/scripts/data_files/rename-1.3-2.0.txt b/scripts/data_files/rename-1.3-2.0.txt index 8fab36397..c5f673870 100644 --- a/scripts/data_files/rename-1.3-2.0.txt +++ b/scripts/data_files/rename-1.3-2.0.txt 
@@ -397,14 +397,8 @@ POLARSSL_DHM_C MBEDTLS_DHM_C POLARSSL_DHM_H MBEDTLS_DHM_H POLARSSL_DHM_RFC2409_MODP_1024_G MBEDTLS_DHM_RFC2409_MODP_1024_G POLARSSL_DHM_RFC2409_MODP_1024_P MBEDTLS_DHM_RFC2409_MODP_1024_P -POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G -POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P -POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G -POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P POLARSSL_DHM_RFC5114_MODP_1024_G MBEDTLS_DHM_RFC5114_MODP_1024_G POLARSSL_DHM_RFC5114_MODP_1024_P MBEDTLS_DHM_RFC5114_MODP_1024_P -POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G -POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P POLARSSL_ECDH_C MBEDTLS_ECDH_C POLARSSL_ECDH_H MBEDTLS_ECDH_H POLARSSL_ECDH_OURS MBEDTLS_ECDH_OURS @@ -1366,8 +1360,6 @@ ccm_encrypt_and_tag mbedtls_ccm_encrypt_and_tag ccm_free mbedtls_ccm_free ccm_init mbedtls_ccm_init ccm_self_test mbedtls_ccm_self_test -cipher_auth_decrypt mbedtls_cipher_auth_decrypt -cipher_auth_encrypt mbedtls_cipher_auth_encrypt cipher_base_t mbedtls_cipher_base_t cipher_check_tag mbedtls_cipher_check_tag cipher_context_t mbedtls_cipher_context_t @@ -1414,7 +1406,6 @@ ctr_drbg_self_test mbedtls_ctr_drbg_self_test ctr_drbg_set_entropy_len mbedtls_ctr_drbg_set_entropy_len ctr_drbg_set_prediction_resistance mbedtls_ctr_drbg_set_prediction_resistance ctr_drbg_set_reseed_interval mbedtls_ctr_drbg_set_reseed_interval -ctr_drbg_update mbedtls_ctr_drbg_update ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file debug_fmt mbedtls_debug_fmt 
@@ -1479,10 +1470,8 @@ ecdsa_init mbedtls_ecdsa_init ecdsa_read_signature mbedtls_ecdsa_read_signature ecdsa_self_test mbedtls_ecdsa_self_test ecdsa_sign mbedtls_ecdsa_sign -ecdsa_sign_det mbedtls_ecdsa_sign_det ecdsa_verify mbedtls_ecdsa_verify ecdsa_write_signature mbedtls_ecdsa_write_signature -ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det eckey_info mbedtls_eckey_info eckeydh_info mbedtls_eckeydh_info ecp_add mbedtls_ecp_add @@ -1558,7 +1547,6 @@ hmac_drbg_self_test mbedtls_hmac_drbg_self_test hmac_drbg_set_entropy_len mbedtls_hmac_drbg_set_entropy_len hmac_drbg_set_prediction_resistance mbedtls_hmac_drbg_set_prediction_resistance hmac_drbg_set_reseed_interval mbedtls_hmac_drbg_set_reseed_interval -hmac_drbg_update mbedtls_hmac_drbg_update hmac_drbg_update_seed_file mbedtls_hmac_drbg_update_seed_file hmac_drbg_write_seed_file mbedtls_hmac_drbg_write_seed_file hr_time mbedtls_timing_hr_time @@ -1994,7 +1982,6 @@ ssl_set_ciphersuites_for_version mbedtls_ssl_conf_ciphersuites_for_version ssl_set_client_transport_id mbedtls_ssl_set_client_transport_id ssl_set_curves mbedtls_ssl_conf_curves ssl_set_dbg mbedtls_ssl_conf_dbg -ssl_set_dh_param mbedtls_ssl_conf_dh_param ssl_set_dh_param_ctx mbedtls_ssl_conf_dh_param_ctx ssl_set_dtls_anti_replay mbedtls_ssl_conf_dtls_anti_replay ssl_set_dtls_badmac_limit mbedtls_ssl_conf_dtls_badmac_limit diff --git a/tests/src/drivers/signature.c b/tests/src/drivers/signature.c index cea035190..0185acc91 100644 --- a/tests/src/drivers/signature.c +++ b/tests/src/drivers/signature.c @@ -117,7 +117,7 @@ psa_status_t test_transparent_signature_sign_hash( goto cleanup; } MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d, - hash, hash_length, md_alg ) ); + hash, hash_length, md_alg, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r, signature, curve_bytes ) ); 
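Review bot: The updated call still targets mbedtls_ecdsa_sign_det(), which this same commit deletes from library/ecdsa.c (the @@ -544 hunk), while the two added trailing arguments match the surviving mbedtls_ecdsa_sign_det_ext() signature; as written the test driver should fail to compile once the deprecated function is gone. Change the callee to `MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp.grp, &r, &s, &ecp.d,` with the argument list otherwise unchanged, and consider wrapping the new argument line, which now runs well past the 80-column width the surrounding code keeps to. The enclosing test_transparent_signature_sign_hash() starts and ends outside the hunk.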
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 76e474f21..463f58dc7 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
@@ -422,124 +422,6 @@ void cipher_invalid_param_conditional( ) valid_buffer, valid_size, valid_buffer, NULL ) ); -#if defined(MBEDTLS_CIPHER_MODE_AEAD) - /* mbedtls_cipher_auth_encrypt() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( NULL, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( &valid_ctx, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( &valid_ctx, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, NULL, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - NULL, valid_size ) ); - - /* mbedtls_cipher_auth_decrypt() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - 
mbedtls_cipher_auth_decrypt( NULL, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt( &valid_ctx, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt( &valid_ctx, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, &size_t_var, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, NULL, - valid_buffer, valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var, - NULL, valid_size ) ); -#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */ - #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) /* mbedtls_cipher_auth_encrypt_ext */ TEST_INVALID_PARAM_RET( 
@@ -1146,13 +1028,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, unsigned char *encrypt_buf = NULL; size_t encrypt_buf_len = 0; -#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ - !defined(MBEDTLS_DEPRECATED_REMOVED) - unsigned char *tmp_tag = NULL; - unsigned char *tmp_cipher = NULL; - unsigned char *tag_buf = NULL; -#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ - /* Null pointers are documented as valid for inputs of length 0. * The test framework passes non-null pointers, so set them to NULL. * key, cipher and tag can't be empty. */ @@ -1184,12 +1059,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, cipher_id == MBEDTLS_CIPHER_AES_256_KW || using_nist_kw_padding; - /**************************************************************** - * * - * Part 1: non-deprecated API * - * * - ****************************************************************/ - /* * Prepare context for decryption */ @@ -1253,7 +1122,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len ); } - /* Free this, but keep cipher_plus_tag for deprecated function with PSA */ mbedtls_free( decrypt_buf ); decrypt_buf = NULL; 
@@ -1315,135 +1183,12 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, encrypt_buf = NULL; } - /**************************************************************** - * * - * Part 2: deprecated API * - * * - ****************************************************************/ - -#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ - !defined(MBEDTLS_DEPRECATED_REMOVED) - - /* - * Prepare context for decryption - */ - if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, - MBEDTLS_DECRYPT ) ) - goto exit; - - /* - * Prepare pointers for decryption - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( use_psa == 1 ) - { - /* PSA requires that the tag immediately follows the ciphertext. - * Fortunately, we already have that from testing the new API. */ - tmp_cipher = cipher_plus_tag; - tmp_tag = tmp_cipher + cipher->len; - } - else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - tmp_cipher = cipher->x; - tmp_tag = tag->x; - } - - /* - * Authenticate and decrypt, and check result - */ - - ASSERT_ALLOC( decrypt_buf, cipher->len ); - outlen = 0; - ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len, - tmp_cipher, cipher->len, decrypt_buf, &outlen, - tmp_tag, tag->len ); - - if( using_nist_kw ) - { - /* NIST_KW with legacy API */ - TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - } - else if( strcmp( result, "FAIL" ) == 0 ) - { - /* unauthentic message */ - TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); - TEST_ASSERT( buffer_is_all_zero( decrypt_buf, cipher->len ) ); - } - else - { - /* authentic message: is the plaintext correct? */ - TEST_ASSERT( ret == 0 ); - ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len ); - } - - mbedtls_free( decrypt_buf ); - decrypt_buf = NULL; - mbedtls_free( cipher_plus_tag ); - cipher_plus_tag = NULL; - - /* - * Encrypt back if test data was authentic - */ - if( strcmp( result, "FAIL" ) != 0 ) - { - /* prepare context for encryption */ - if( ! 
cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, - MBEDTLS_ENCRYPT ) ) - goto exit; - - /* prepare buffers for encryption */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - if( use_psa ) - { - ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len ); - tmp_cipher = cipher_plus_tag; - tmp_tag = cipher_plus_tag + cipher->len; - } - else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - { - ASSERT_ALLOC( encrypt_buf, cipher->len ); - ASSERT_ALLOC( tag_buf, tag->len ); - tmp_cipher = encrypt_buf; - tmp_tag = tag_buf; - } - - /* - * Encrypt and check the result - */ - outlen = 0; - ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len, - clear->x, clear->len, tmp_cipher, &outlen, - tmp_tag, tag->len ); - - if( using_nist_kw ) - { - TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - } - else - { - TEST_ASSERT( ret == 0 ); - - TEST_ASSERT( outlen == cipher->len ); - if( cipher->len != 0 ) - TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 ); - TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 ); - } - } - -#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ - exit: mbedtls_cipher_free( &ctx ); mbedtls_free( decrypt_buf ); mbedtls_free( encrypt_buf ); mbedtls_free( cipher_plus_tag ); -#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ - !defined(MBEDTLS_DEPRECATED_REMOVED) - mbedtls_free( tag_buf ); -#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_USE_PSA_CRYPTO) if( use_psa == 1 ) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 280c528f7..84a14641c 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -184,7 +184,6 @@ - From 7e9422db95d6cb78a350a75256ad88b3a7e27705 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 30 Apr 2021 10:32:58 +0200 Subject: [PATCH 2/6] Removing tabs and fixing doxygen formatting 
Signed-off-by: TRodziewicz --- library/ecdsa.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index 93430b878..630d5bdf3 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -421,7 +421,7 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, /* * Deterministic signature wrapper * - * \note The f_rng_blind parameter must not be \c NULL. + * note: The f_rng_blind parameter must not be NULL. * */ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp, @@ -478,9 +478,9 @@ sign: ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, p_rng ); #else - ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - f_rng_blind, p_rng_blind, rs_ctx ); + ret = ecdsa_sign_restartable( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + f_rng_blind, p_rng_blind, rs_ctx ); #endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: From 8223ccee6b9e2f145b88f8129cd19aacabc144a3 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 30 Apr 2021 13:32:15 +0200 Subject: [PATCH 3/6] Correction of failing ecdsa & pk tests Signed-off-by: TRodziewicz --- tests/suites/test_suite_ecdsa.function | 6 ++++-- tests/suites/test_suite_pk.function | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 8157234f8..41beb52d4 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -599,7 +599,8 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, cnt_restart = 0; do { ret = mbedtls_ecdsa_write_signature_restartable( &ctx, - md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); + md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL, + &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); 
@@ -614,7 +615,8 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, if( min_restart > 0 ) { ret = mbedtls_ecdsa_write_signature_restartable( &ctx, - md_alg, hash, hlen, sig, &slen, NULL, NULL, &rs_ctx ); + md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL, + &rs_ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index bc469b68d..612796b82 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -821,7 +821,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, cnt_restart = 0; do { ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, - sig, &slen, NULL, NULL, &rs_ctx ); + sig, &slen, mbedtls_test_rnd_std_rand, + NULL, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -868,7 +869,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, slen = sizeof( sig ); ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, - sig, &slen, NULL, NULL, &rs_ctx ); + sig, &slen, mbedtls_test_rnd_std_rand, + NULL, &rs_ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } From 0bc3938551c187e5a27f4b165d1c8ceb4fe8cce0 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 30 Apr 2021 14:18:06 +0200 Subject: [PATCH 4/6] Removing trailing spaces Signed-off-by: TRodziewicz --- tests/suites/test_suite_ecdsa.function | 4 ++-- tests/suites/test_suite_pk.function | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 41beb52d4..58cedc13c 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -599,7 +599,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, cnt_restart = 0; do { ret = mbedtls_ecdsa_write_signature_restartable( &ctx, - md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL, + md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); @@ -615,7 +615,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, if( min_restart > 0 ) { ret = mbedtls_ecdsa_write_signature_restartable( &ctx, - md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL, + md_alg, hash, hlen, sig, &slen, mbedtls_test_rnd_std_rand, NULL, &rs_ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 612796b82..9454fe7c7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -821,7 +821,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, cnt_restart = 0; do { ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, - sig, &slen, mbedtls_test_rnd_std_rand, + sig, &slen, mbedtls_test_rnd_std_rand, NULL, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); @@ -869,7 +869,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, slen = sizeof( sig ); ret = mbedtls_pk_sign_restartable( &prv, md_alg, hash, hlen, - sig, &slen, mbedtls_test_rnd_std_rand, + sig, &slen, mbedtls_test_rnd_std_rand, NULL, &rs_ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } From c1c479fbe9f0e7aac39e9b2d821e24580405156a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 6 May 2021 00:53:22 +0200 Subject: [PATCH 5/6] Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed 
Signed-off-by: TRodziewicz --- ChangeLog.d/issue4282.txt | 13 +++- configs/config-psa-crypto.h | 6 -- ...move_deprecated_functions_and_constants.md | 64 +++++++++++++++++++ include/mbedtls/config.h | 10 +-- library/ecdsa.c | 4 +- tests/suites/test_suite_cipher.function | 5 -- 6 files changed, 80 insertions(+), 22 deletions(-) create mode 100644 docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md diff --git a/ChangeLog.d/issue4282.txt b/ChangeLog.d/issue4282.txt index 27d9a281a..685f64df4 100644 --- a/ChangeLog.d/issue4282.txt +++ b/ChangeLog.d/issue4282.txt @@ -1,2 +1,13 @@ Removals - * Remove deprecated functions and constants. Fix #4282 + * Remove the following deprecated functions and constants of hex-encoded + primes based on RFC 5114 and RFC 3526 from library code and tests: + mbedtls_aes_encrypt(), mbedtls_aes_decrypt(), mbedtls_mpi_is_prime(), + mbedtls_cipher_auth_encrypt(), mbedtls_cipher_auth_decrypt(), + mbedtls_ctr_drbg_update(), mbedtls_hmac_drbg_update(), + mbedtls_ecdsa_write_signature_det(), mbedtls_ecdsa_sign_det(), + mbedtls_ssl_conf_dh_param(), mbedtls_ssl_get_max_frag_len(), + MBEDTLS_DHM_RFC5114_MODP_2048_P, MBEDTLS_DHM_RFC5114_MODP_2048_G, + MBEDTLS_DHM_RFC3526_MODP_2048_P, MBEDTLS_DHM_RFC3526_MODP_2048_G, + MBEDTLS_DHM_RFC3526_MODP_3072_P, MBEDTLS_DHM_RFC3526_MODP_3072_G, + MBEDTLS_DHM_RFC3526_MODP_4096_P, MBEDTLS_DHM_RFC3526_MODP_4096_G. + Remove the deprecated file: include/mbedtls/net.h. Fixes #4282. diff --git a/configs/config-psa-crypto.h b/configs/config-psa-crypto.h index 28292d42b..f6314ae1a 100644 --- a/configs/config-psa-crypto.h +++ b/configs/config-psa-crypto.h 
@@ -397,12 +397,6 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and - * mbedtls_internal_aes_encrypt must stay untouched. - * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES * tables. diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md new file mode 100644 index 000000000..8791649de --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md 
@@ -0,0 +1,64 @@ +Deprecated functions were removed from AES +------------------------------------------ + +The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were removed. +Please use `mbedtls_internal_aes_encrypt()` and `mbedtls_internal_aes_decrypt()` +respectively. + +Deprecated functions were removed from bignum +--------------------------------------------- + +The function `mbedtls_mpi_is_prime()` was removed. Please use +`mbedtls_mpi_is_prime_ext()` instead which additionally allows specifying the +number of Miller-Rabin rounds. + +Deprecated functions were removed from cipher +--------------------------------------------- + +The functions `mbedtls_cipher_auth_encrypt()` and +`mbedtls_cipher_auth_decrypt()` were removed. They were superseded by +`mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` +respectively which additionally support key wrapping algorithms such as +NIST_KW. + +Deprecated functions were removed from DRBGs +-------------------------------------------- + +The functions `mbedtls_ctr_drbg_update()` and `mbedtls_hmac_drbg_update()` +were removed. They were superseded by `mbedtls_ctr_drbg_update_ret()` and +`mbedtls_hmac_drbg_update_ret()` respectively. + +Deprecated functions were removed from ECDSA +-------------------------------------------- + +The functions `mbedtls_ecdsa_write_signature_det()` and +`mbedtls_ecdsa_sign_det()` were removed. They were superseded by +`mbedtls_ecdsa_write_signature()` and `mbedtls_ecdsa_sign_det_ext()` +respectively. + +Deprecated functions were removed from SSL +------------------------------------------ + +The functions `mbedtls_ssl_conf_dh_param()` and +`mbedtls_ssl_get_max_frag_len()` were removed. Please use +`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` and +`mbedtls_ssl_get_output_max_frag_len()` instead. 
+ + +Deprecated hex-encoded primes were removed from DHM +--------------------------------------------------- + +The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, +`MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`, +`MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`, +`MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were +removed. The hex-encoded primes from RFC 5114 are deprecated because their +derivation is not documented and therefore their usage constitutes a security +risk. They are removed from the library without replacement. + +Deprecated net.h file was removed +--------------------------------- + +The file `include/mbedtls/net.h` was removed because its only function was to +include `mbedtls/net_sockets.h` which now should be included directly. + diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 53497b31a..e2b6b70da 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -421,12 +421,6 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * \note Because of a signature change, the core AES encryption and decryption routines are - * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, - * respectively. When setting up alternative implementations, these functions should - * be overridden, but the wrapper functions mbedtls_internal_aes_decrypt and - * mbedtls_internal_aes_encrypt must stay untouched. - * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES * tables. 
@@ -445,9 +439,7 @@ * alternative implementations should use the RNG only for generating * the ephemeral key and nothing else. If this is not possible, then * MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative - * implementation should be provided for mbedtls_ecdsa_sign_det_ext() - * (and for mbedtls_ecdsa_sign_det_ext() too if backward compatibility - * is desirable). + * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ //#define MBEDTLS_MD2_PROCESS_ALT diff --git a/library/ecdsa.c b/library/ecdsa.c index 630d5bdf3..18f4379c5 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -685,7 +685,9 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx, ECDSA_VALIDATE_RET( hash != NULL ); ECDSA_VALIDATE_RET( sig != NULL ); ECDSA_VALIDATE_RET( slen != NULL ); - ECDSA_VALIDATE_RET( f_rng != NULL ); + + if( f_rng == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 463f58dc7..3d3f6a329 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1008,11 +1008,6 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, * of AEAD decryption and AEAD encryption. Check that * this results in the expected plaintext, and that * decryption and encryption are inverse to one another. - * - * Do that twice: - * - once with legacy functions auth_decrypt/auth_encrypt - * - once with new functions auth_decrypt_ext/auth_encrypt_ext - * This allows testing both without duplicating test cases. */ int ret; From d9d035a5b5210d508fae487d1609207318e9714a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 6 May 2021 11:53:06 +0200 Subject: [PATCH 6/6] Corrections of the migration guide from the code review. 
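Review bot: The new `if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` in mbedtls_ecdsa_write_signature_restartable makes rejecting a NULL RNG unconditional, whereas the removed `ECDSA_VALIDATE_RET( f_rng != NULL )` was presumably only active under MBEDTLS_CHECK_PARAMS (the usual pattern for that macro), so builds without parameter checking that passed NULL for deterministic signing now fail at runtime; this is a sound hardening, since f_rng supplies the blinding RNG noted as mandatory in the earlier ecdsa.c hunk, but neither the function's Doxygen nor the migration guide added in this patch records it. I would add `\return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p f_rng is \c NULL.` to the header documentation and a short migration-guide paragraph stating that ECDSA signing functions now require a non-NULL f_rng in all configurations. Placing the check before `mbedtls_mpi_init( &r )` is correct, as the early return has nothing to free; a one-line comment such as `/* f_rng is used for blinding even in deterministic mode; never accept NULL */` would make that intent explicit. The function body continues outside this hunk.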
Signed-off-by: TRodziewicz --- ...move_deprecated_functions_and_constants.md | 32 ++++++++++++------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md index 8791649de..b18b3109d 100644 --- a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md +++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md @@ -1,9 +1,16 @@ Deprecated functions were removed from AES ------------------------------------------ -The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were removed. -Please use `mbedtls_internal_aes_encrypt()` and `mbedtls_internal_aes_decrypt()` -respectively. +The functions `mbedtls_aes_encrypt()` and `mbedtls_aes_decrypt()` were +removed. + +If you're simply using the AES module, you should be calling the higher-level +functions `mbedtls_aes_crypt_xxx()`. + +If you're providing an alternative implementation using +`MBEDTLS_AES_ENCRYPT_ALT` or `MBEDTLS_AES_DECRYPT_ALT`, you should be +replacing the removed functions with `mbedtls_internal_aes_encrypt()` and +`mbedtls_internal_aes_decrypt()` respectively. Deprecated functions were removed from bignum --------------------------------------------- @@ -20,7 +27,7 @@ The functions `mbedtls_cipher_auth_encrypt()` and `mbedtls_cipher_auth_encrypt_ext()` and `mbedtls_cipher_auth_decrypt_ext()` respectively which additionally support key wrapping algorithms such as NIST_KW. - + Deprecated functions were removed from DRBGs -------------------------------------------- 
@@ -39,11 +46,11 @@ respectively. Deprecated functions were removed from SSL ------------------------------------------ -The functions `mbedtls_ssl_conf_dh_param()` and -`mbedtls_ssl_get_max_frag_len()` were removed. Please use -`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` and -`mbedtls_ssl_get_output_max_frag_len()` instead. +The function `mbedtls_ssl_conf_dh_param()` was removed. Please use +`mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead. +The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use +`mbedtls_ssl_get_output_max_frag_len()` instead. Deprecated hex-encoded primes were removed from DHM --------------------------------------------------- @@ -52,13 +59,14 @@ The macros `MBEDTLS_DHM_RFC5114_MODP_2048_P`, `MBEDTLS_DHM_RFC5114_MODP_2048_G`, `MBEDTLS_DHM_RFC3526_MODP_2048_P`, `MBEDTLS_DHM_RFC3526_MODP_2048_G`, `MBEDTLS_DHM_RFC3526_MODP_3072_P`, `MBEDTLS_DHM_RFC3526_MODP_3072_G`, `MBEDTLS_DHM_RFC3526_MODP_4096_P `and `MBEDTLS_DHM_RFC3526_MODP_4096_G` were -removed. The hex-encoded primes from RFC 5114 are deprecated because their -derivation is not documented and therefore their usage constitutes a security -risk. They are removed from the library without replacement. +removed. The primes from RFC 5114 are deprecated because their derivation is not +documented and therefore their usage constitutes a security risk; they are fully +removed from the library. Please use parameters from RFC3526 (still in the +library, only in binary form) or RFC 7919 (also available in the library) or +other trusted sources instead. Deprecated net.h file was removed --------------------------------- The file `include/mbedtls/net.h` was removed because its only function was to include `mbedtls/net_sockets.h` which now should be included directly. -