From 6d0816a8ae3973df2ff2d181034e2f4ef077666c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 11:30:27 +0000 Subject: [PATCH 01/11] Introduce macros to deprecate constants in the API This commit introduces macros * MBEDTLS_DEPRECATED_STRING_CONSTANT * MBEDTLS_DEPRECATED_NUMERIC_CONSTANT to platform_util.h which can be used to deprecate public macro constants. Their definition is essentially taken from dhm.h where the MBEDTLS_DEPRECATED_STRING_CONSTANT was used to deprecate insecure hardcoded DHM primes. --- include/mbedtls/dhm.h | 9 --------- include/mbedtls/platform_util.h | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 8e2d0208d..27e3753a4 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -353,15 +353,6 @@ int mbedtls_dhm_self_test( int verbose ); #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_DEPRECATED_WARNING) -#define MBEDTLS_DEPRECATED __attribute__((deprecated)) -MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_constant_t; -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ - ( (mbedtls_deprecated_constant_t) ( VAL ) ) -#else -#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL -#endif /* ! MBEDTLS_DEPRECATED_WARNING */ - /** * \warning The origin of the primes in RFC 5114 is not documented and * their use therefore constitutes a security risk! diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 164a1a05f..9da6f0fa0 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -41,6 +41,27 @@ extern "C" { #endif +/* Internal helper macros for deprecating API constants. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +/* Deliberately don't (yet) define MBEDTLS_DEPRECATED here to avoid + * conflict with other headers which define and use it, too. + * We might want to move all these definitions here at some point + * for uniformity. */ +__attribute__((deprecated)) +typedef char const * mbedtls_deprecated_string_constant_t; +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ + ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) + __attribute__((deprecated)) +typedef int mbedtls_deprecated_numeric_constant_t; +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ + ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) +#else /* MBEDTLS_DEPRECATED_WARNING */ +#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL +#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL +#endif /* MBEDTLS_DEPRECATED_WARNING */ +#endif /* MBEDTLS_DEPRECATED_REMOVED */ + /** * \brief Securely zeroize a buffer * From 2f47550018588cf5a82d1a7a7c8427e99016bacd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:19:06 +0000 Subject: [PATCH 02/11] Introduce single ARIA error code for bad input data Deprecate the old specific error codes * MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH * MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH --- ChangeLog | 4 ++++ include/mbedtls/aria.h | 9 +++++++-- include/mbedtls/error.h | 2 +- library/aria.c | 4 ++-- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e5b6a24b7..ff413d82e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,10 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. + * Deprecate the ARIA error constants + - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 483d4c299..ab6e8e5d3 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -39,6 +39,8 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_ARIA_ENCRYPT 1 /**< ARIA encryption. */ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ @@ -46,8 +48,11 @@ #define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ -#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH -0x005C /**< Invalid key length. */ -#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C ) +#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005E ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */ /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 0c3888987..02505d9c3 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -63,7 +63,7 @@ * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 13 0x0042-0x0052 0x0043-0x0049 - * ARIA 4 0x0058-0x005E + * ARIA 3 0x0058-0x005C * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C diff --git a/library/aria.c b/library/aria.c index ca9e147f0..9763ca6ed 100644 --- a/library/aria.c +++ b/library/aria.c @@ -451,7 +451,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, uint32_t w[4][4], *w2; if( keybits != 128 && keybits != 192 && keybits != 256 ) - return( MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH ); + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); /* Copy key to W0 (and potential remainder to W1) */ GET_UINT32_LE( w[0][0], key, 0 ); @@ -613,7 +613,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; if( length % MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); + return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); if( mode == MBEDTLS_ARIA_DECRYPT ) { From 4c029d09be2dd9610dd9de2553f076eb68a563ca Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:20:05 +0000 Subject: [PATCH 03/11] Introduce single CAMELLIA error code for bad input data Deprecate the old specific error codes * MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH --- ChangeLog | 4 ++++ include/mbedtls/camellia.h | 9 +++++++-- include/mbedtls/error.h | 2 +- library/camellia.c | 4 ++-- tests/suites/test_suite_camellia.data | 8 ++++---- 5 files changed, 18 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index ff413d82e..392ba31b2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,6 +35,10 @@ API Changes - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. + * Deprecate the CAMELLIA error constants + - MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + - MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + in favour of a new single error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 1555867cf..af3ef8868 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -33,11 +33,16 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_CAMELLIA_ENCRYPT 1 #define MBEDTLS_CAMELLIA_DECRYPT 0 -#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH -0x0024 /**< Invalid key length. */ -#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) +#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0026 ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 02505d9c3..9531ef5e1 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -54,7 +54,7 @@ * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 - * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 + * CAMELLIA 2 0x0024-0x0024 0x0027-0x0027 * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B diff --git a/library/camellia.c b/library/camellia.c index 41b7da0fa..2fe0b7758 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -356,7 +356,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c case 128: ctx->nr = 3; idx = 0; break; case 192: case 256: ctx->nr = 4; idx = 1; break; - default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH ); + default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); } for( i = 0; i < keybits / 8; ++i ) @@ -562,7 +562,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, unsigned char temp[16]; if( length % 16 ) - return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); + return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); if( mode == MBEDTLS_CAMELLIA_DECRYPT ) { diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index 14298387a..efa786534 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -185,16 +185,16 @@ depends_on:MBEDTLS_CIPHER_MODE_CFB camellia_decrypt_cfb128:"603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4":"555FC3F34BDD2D54C62D9E3BF338C1C4":"F69F2445DF4F9B17AD2B417BE66C3710":"5953ADCE14DB8C7F39F1BD39F359BFFA" Camellia-ECB Encrypt (Invalid key length) -camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH +camellia_encrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-ECB Decrypt (Invalid key length) -camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH +camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Encrypt (Invalid input length) -camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH +camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Decrypt (Invalid input length) -camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH +camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia Selftest depends_on:MBEDTLS_SELF_TEST From d2f3a00062036b39e23bf3ed038de3d3b1264db8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:21:06 +0000 Subject: [PATCH 04/11] Introduce single BLOWFISH error code for bad input data Deprecate the old specific error codes * MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH --- ChangeLog | 4 ++++ include/mbedtls/blowfish.h | 10 +++++++--- include/mbedtls/error.h | 2 +- library/blowfish.c | 4 ++-- tests/suites/test_suite_blowfish.data | 12 ++++++------ 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 392ba31b2..7a298ad27 100644 --- a/ChangeLog +++ b/ChangeLog @@ -39,6 +39,10 @@ API Changes - MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH - MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH in favour of a new single error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. + * Deprecate the Blowfish error constants + - MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + - MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH + in favour of a new single error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 82b772ada..0f192aa3a 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -33,6 +33,8 @@ #include #include +#include "platform_util.h" + #define MBEDTLS_BLOWFISH_ENCRYPT 1 #define MBEDTLS_BLOWFISH_DECRYPT 0 #define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 @@ -40,14 +42,16 @@ #define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */ #define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ -#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH -0x0016 /**< Invalid key length. */ +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) +#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0018 ) +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ +#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ -#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ - #ifdef __cplusplus extern "C" { #endif diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 9531ef5e1..a8f587ca6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -51,7 +51,7 @@ * Module Nr Codes assigned * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 - * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 + * BLOWFISH 2 0x0016-0x0016 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 2 0x0024-0x0024 0x0027-0x0027 diff --git a/library/blowfish.c b/library/blowfish.c index 5b6bb9885..e42bd2b2e 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -176,7 +176,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || ( keybits % 8 ) ) { - return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH ); + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); } keybits >>= 3; @@ -265,7 +265,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); + return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); if( mode == MBEDTLS_BLOWFISH_DECRYPT ) { diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index 1ba311f59..a39f8754a 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -203,13 +203,13 @@ BLOWFISH-ECB Decrypt SSLeay reference #34 blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0 BLOWFISH-SETKEY Setkey SSLeay reference #1 -blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #2 -blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #3 -blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-SETKEY Setkey SSLeay reference #4 blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0 @@ -281,7 +281,7 @@ BLOWFISH-SETKEY Setkey 448 bits blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0 BLOWFISH-SETKEY Setkey 456 bits -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH +blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CBC Encrypt blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0 @@ -290,10 +290,10 @@ BLOWFISH-CBC Decrypt blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC":"37363534333231204e6f77206973207468652074696d6520666f722000000000":0 BLOWFISH-CBC Encrypt -blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH +blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CBC Decrypt -blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH +blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA BLOWFISH-CFB Encrypt blowfish_encrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3" From 3214215b1ee28ee19e62e7cbed0055ca7c1ade8f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 13:25:58 +0000 Subject: [PATCH 05/11] Update errors.c --- library/error.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/library/error.c b/library/error.c index eabee9e21..da1d5d494 100644 --- a/library/error.c +++ b/library/error.c @@ -618,10 +618,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_ARC4_C */ #if defined(MBEDTLS_ARIA_C) - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" ); if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) ) @@ -672,19 +670,15 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_BIGNUM_C */ #if defined(MBEDTLS_BLOWFISH_C) - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid key length" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); - if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); #endif /* MBEDTLS_BLOWFISH_C */ #if defined(MBEDTLS_CAMELLIA_C) - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid key length" ); - if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) - mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ From 4fb258a868f6e5566b982d5fa2fe273721942edb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 16:09:15 +0000 Subject: [PATCH 06/11] Remove mentioning of deprecated error codes --- include/mbedtls/aria.h | 6 +++--- include/mbedtls/blowfish.h | 4 ++-- include/mbedtls/camellia.h | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index ab6e8e5d3..61987507f 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -111,7 +111,7 @@ void mbedtls_aria_free( mbedtls_aria_context *ctx ); *
  • 192 bits
    • *
  • 256 bits
    • * - * \return \c 0 on success or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + * \return \c 0 on success or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA * on failure. */ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, @@ -128,7 +128,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx, *
  • 192 bits
    • *
  • 256 bits
    • * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH on failure. + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA on failure. */ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx, const unsigned char *key, @@ -190,7 +190,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA * on failure. */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 0f192aa3a..6062cd0b4 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -95,7 +95,7 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); * \param key encryption key * \param keybits must be between 32 and 448 bits * - * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA */ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -137,7 +137,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA */ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, int mode, diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index af3ef8868..93987bf70 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -91,7 +91,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx ); * \param key encryption key * \param keybits must be 128, 192 or 256 * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -103,7 +103,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c * \param key decryption key * \param keybits must be 128, 192 or 256 * - * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + * \return 0 if successful, or MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key, unsigned int keybits ); @@ -145,7 +145,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA */ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, int mode, @@ -180,7 +180,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH + * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. */ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx, int mode, From 9dbefa1793e492b7e4e854a00717375efb4cf9c2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 17 Dec 2018 22:49:13 +0000 Subject: [PATCH 07/11] Fix conflict between constant deprecation and check-names.sh The previous introduction of constant deprecation macros in platform_util.h lead to failure of tests/scrips/check-names.sh because the regular expressions in the latter choked on the brackets in the part `__attribute__((deprecated))` of the definition of the helper type `mbedtls_deprecated_{numeric|string}_constant_t`. Postponing any further study and potential robustness improvements in check-names.sh to another time, this commit circumvents this problem by temporarily abbreviating `__attribute__((deprecated))` as `MBEDTLS_DEPRECATED`, which doesn't lead to problems with check-names.sh. --- include/mbedtls/platform_util.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 9da6f0fa0..bdf92529f 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -44,18 +44,18 @@ extern "C" { /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) -/* Deliberately don't (yet) define MBEDTLS_DEPRECATED here to avoid - * conflict with other headers which define and use it, too. - * We might want to move all these definitions here at some point - * for uniformity. */ -__attribute__((deprecated)) -typedef char const * mbedtls_deprecated_string_constant_t; +/* Deliberately don't (yet) export MBEDTLS_DEPRECATED here + * to avoid conflict with other headers which define and use + * it, too. We might want to move all these definitions here at + * some point for uniformity. */ +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t; #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) \ ( (mbedtls_deprecated_string_constant_t) ( VAL ) ) - __attribute__((deprecated)) -typedef int mbedtls_deprecated_numeric_constant_t; +MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) \ ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) ) +#undef MBEDTLS_DEPRECATED #else /* MBEDTLS_DEPRECATED_WARNING */ #define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL #define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL From 938f9e9bdbff3e0cbb1f1f62520b72f543cc8b33 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 09:40:25 +0000 Subject: [PATCH 08/11] Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break. --- ChangeLog | 6 ++---- include/mbedtls/camellia.h | 3 ++- include/mbedtls/error.h | 2 +- library/camellia.c | 2 +- library/error.c | 2 ++ tests/suites/test_suite_camellia.data | 4 ++-- 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a298ad27..5a569a389 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,10 +35,8 @@ API Changes - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. - * Deprecate the CAMELLIA error constants - - MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH - - MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH - in favour of a new single error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. + * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH + in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error constants - MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH - MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index 93987bf70..e52461281 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -40,10 +40,11 @@ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 ) -#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0026 ) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */ +#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ + /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index a8f587ca6..c4883be65 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -54,7 +54,7 @@ * BLOWFISH 2 0x0016-0x0016 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 - * CAMELLIA 2 0x0024-0x0024 0x0027-0x0027 + * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B diff --git a/library/camellia.c b/library/camellia.c index 2fe0b7758..97c9f20d0 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -562,7 +562,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, unsigned char temp[16]; if( length % 16 ) - return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_CAMELLIA_DECRYPT ) { diff --git a/library/error.c b/library/error.c index da1d5d494..80f4948b9 100644 --- a/library/error.c +++ b/library/error.c @@ -679,6 +679,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_CAMELLIA_C) if( use_ret == -(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Bad input data" ); + if( use_ret == -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "CAMELLIA - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "CAMELLIA - Camellia hardware accelerator failed" ); #endif /* MBEDTLS_CAMELLIA_C */ diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index efa786534..190632ed3 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -191,10 +191,10 @@ Camellia-ECB Decrypt (Invalid key length) camellia_decrypt_ecb:"0123456789abcdeffedcba98765432":"0123456789abcdeffedcba9876543210":"67673138549669730857065648eabe43":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA Camellia-256-CBC Encrypt (Invalid input length) -camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA +camellia_encrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"ffffffffffffffe000000000000000":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH Camellia-256-CBC Decrypt (Invalid input length) -camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA +camellia_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH Camellia Selftest depends_on:MBEDTLS_SELF_TEST From a034369eca145b9cdf132938d552ffcf812cd0c6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 09:42:58 +0000 Subject: [PATCH 09/11] Undo deprecation of MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH --- ChangeLog | 6 ++---- include/mbedtls/aria.h | 3 ++- include/mbedtls/error.h | 2 +- library/aria.c | 2 +- library/error.c | 2 ++ 5 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5a569a389..42e3f9420 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,10 +31,8 @@ API Changes mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret() * Extend ECDH interface to enable alternative implementations. - * Deprecate the ARIA error constants - - MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH - - MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH - in favour of a new single error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. + * Deprecate the ARIA error MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH + in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. * Deprecate the Blowfish error constants diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 61987507f..9e981d92c 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -50,10 +50,11 @@ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C ) -#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005E ) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */ +#define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */ + /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used. */ #define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE -0x005A /**< Feature not available. For example, an unsupported ARIA key size. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index c4883be65..56042c90c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -63,7 +63,7 @@ * CTR_DBRG 4 0x0034-0x003A * ENTROPY 3 0x003C-0x0040 0x003D-0x003F * NET 13 0x0042-0x0052 0x0043-0x0049 - * ARIA 3 0x0058-0x005C + * ARIA 4 0x0058-0x005E * ASN1 7 0x0060-0x006C * CMAC 1 0x007A-0x007A * PBKDF2 1 0x007C-0x007C diff --git a/library/aria.c b/library/aria.c index 9763ca6ed..6d87941c1 100644 --- a/library/aria.c +++ b/library/aria.c @@ -613,7 +613,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE]; if( length % MBEDTLS_ARIA_BLOCKSIZE ) - return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_ARIA_DECRYPT ) { diff --git a/library/error.c b/library/error.c index 80f4948b9..a70db689d 100644 --- a/library/error.c +++ b/library/error.c @@ -620,6 +620,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_ARIA_C) if( use_ret == -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "ARIA - Bad input data" ); + if( use_ret == -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "ARIA - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE) ) mbedtls_snprintf( buf, buflen, "ARIA - Feature not available. For example, an unsupported ARIA key size" ); if( use_ret == -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED) ) From 6640b0d9a3d880ca4c90832efcdff9ac0ca8d488 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 09:45:17 +0000 Subject: [PATCH 10/11] Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH --- ChangeLog | 6 ++---- include/mbedtls/blowfish.h | 3 ++- include/mbedtls/error.h | 2 +- library/blowfish.c | 2 +- library/error.c | 2 ++ tests/suites/test_suite_blowfish.data | 4 ++-- 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42e3f9420..7422f02d4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -35,10 +35,8 @@ API Changes in favour of a new generic error MBEDTLS_ERR_ARIA_BAD_INPUT_DATA. * Deprecate the CAMELLIA error MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH in favour a new generic error MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA. - * Deprecate the Blowfish error constants - - MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH - - MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH - in favour of a new single error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. + * Deprecate the Blowfish error MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH + in favour of a new generic error MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA. New deprecations * Deprecate mbedtls_ctr_drbg_update and mbedtls_hmac_drbg_update diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 6062cd0b4..ab4fc2316 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -44,10 +44,11 @@ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 ) -#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0018 ) #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ +#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ + /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used. */ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 56042c90c..0c3888987 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -51,7 +51,7 @@ * Module Nr Codes assigned * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 - * BLOWFISH 2 0x0016-0x0016 0x0017-0x0017 + * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 diff --git a/library/blowfish.c b/library/blowfish.c index e42bd2b2e..b3448c20b 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -265,7 +265,7 @@ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); + return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); if( mode == MBEDTLS_BLOWFISH_DECRYPT ) { diff --git a/library/error.c b/library/error.c index a70db689d..3be4175cc 100644 --- a/library/error.c +++ b/library/error.c @@ -674,6 +674,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #if defined(MBEDTLS_BLOWFISH_C) if( use_ret == -(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Bad input data" ); + if( use_ret == -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH) ) + mbedtls_snprintf( buf, buflen, "BLOWFISH - Invalid data input length" ); if( use_ret == -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED) ) mbedtls_snprintf( buf, buflen, "BLOWFISH - Blowfish hardware accelerator failed" ); #endif /* MBEDTLS_BLOWFISH_C */ diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index a39f8754a..d4e8791c1 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -290,10 +290,10 @@ BLOWFISH-CBC Decrypt blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC":"37363534333231204e6f77206973207468652074696d6520666f722000000000":0 BLOWFISH-CBC Encrypt -blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA +blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH BLOWFISH-CBC Decrypt -blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA +blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH BLOWFISH-CFB Encrypt blowfish_encrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3" From 03f2ffa7bcb38f62cb234ce65c6034cbac3e13ce Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 18 Dec 2018 12:45:06 +0000 Subject: [PATCH 11/11] Undo documentation change in ARIA, Blowfish, Camellia modules --- include/mbedtls/aria.h | 2 +- include/mbedtls/blowfish.h | 2 +- include/mbedtls/camellia.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 9e981d92c..c80c9fd26 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -191,7 +191,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx, * \param input The buffer holding the input data. * \param output The buffer holding the output data. * - * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_BAD_INPUT_DATA + * \return \c 0 on success, or #MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH * on failure. */ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx, diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index ab4fc2316..922d8f82e 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -138,7 +138,7 @@ int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA + * MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH */ int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, int mode, diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index e52461281..0a02335ac 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -146,7 +146,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx, * \param output buffer holding the output data * * \return 0 if successful, or - * MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA + * MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH */ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx, int mode,