yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 10:55:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate MBEDTLS_PKCS11_C functions

Browse Source
This commit is contained in:
Andres Amaya Garcia 2018-12-05 20:52:29 +00:00 committed by Manuel Pégourié-Gonnard
parent 2047cd9ed6
commit 0d6e108b13
1 changed files with 67 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
include/mbedtls/pkcs11.h
View File

@ -56,47 +56,81 @@ typedef struct mbedtls_pkcs11_context
int len; int len;
} mbedtls_pkcs11_context; } mbedtls_pkcs11_context;
/*
* NOTE: It is not necessary to enclose the definitions with
* MBEDTLS_DEPRECATED_REMOVED because we already have a check for the full
* MBEDTLS_PKCS11_C feature that makes compilation fail even before we get
* here.
*/
#if defined(MBEDTLS_DEPRECATED_WARNING)
#define MBEDTLS_DEPRECATED __attribute__((deprecated))
#else
#define MBEDTLS_DEPRECATED
#endif
/** /**
* Initialize a mbedtls_pkcs11_context. * Initialize a mbedtls_pkcs11_context.
* (Just making memory references valid.) * (Just making memory references valid.)
*
* \deprecated It is deprecated and discouraged to call this function
* as future versions of the library are likely to remove
* it.
*/ */
void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx ); MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
/** /**
* Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate. * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
* *
* \deprecated It is deprecated and discouraged to call this function
* as future versions of the library are likely to remove
* it.
*
* \param cert X.509 certificate to fill * \param cert X.509 certificate to fill
* \param pkcs11h_cert PKCS #11 helper certificate * \param pkcs11h_cert PKCS #11 helper certificate
* *
* \return 0 on success. * \return 0 on success.
*/ */
int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert ); MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert,
pkcs11h_certificate_t pkcs11h_cert );
/** /**
* Set up a mbedtls_pkcs11_context storing the given certificate. Note that the * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
* mbedtls_pkcs11_context will take over control of the certificate, freeing it when * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
* done. * done.
* *
* \deprecated It is deprecated and discouraged to call this function
* as future versions of the library are likely to remove
* it.
*
* \param priv_key Private key structure to fill. * \param priv_key Private key structure to fill.
* \param pkcs11_cert PKCS #11 helper certificate * \param pkcs11_cert PKCS #11 helper certificate
* *
* \return 0 on success * \return 0 on success
*/ */
int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key, MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
pkcs11h_certificate_t pkcs11_cert ); mbedtls_pkcs11_context *priv_key,
pkcs11h_certificate_t pkcs11_cert );
/** /**
* Free the contents of the given private key context. Note that the structure * Free the contents of the given private key context. Note that the structure
* itself is not freed. * itself is not freed.
* *
* \deprecated It is deprecated and discouraged to call this function
* as future versions of the library are likely to remove
* it.
*
* \param priv_key Private key structure to cleanup * \param priv_key Private key structure to cleanup
*/ */
void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key ); MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
mbedtls_pkcs11_context *priv_key );
/** /**
* \brief Do an RSA private key decrypt, then remove the message * \brief Do an RSA private key decrypt, then remove the message
* padding * padding
* *
* \deprecated It is deprecated and discouraged to call this function as
* future versions of the library are likely to remove it.
*
* \param ctx PKCS #11 context * \param ctx PKCS #11 context
* \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
* \param input buffer holding the encrypted data * \param input buffer holding the encrypted data
@ -110,15 +144,18 @@ void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
* of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
* an error is thrown. * an error is thrown.
*/ */
int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx, MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
int mode, size_t *olen, int mode, size_t *olen,
const unsigned char *input, const unsigned char *input,
unsigned char *output, unsigned char *output,
size_t output_max_len ); size_t output_max_len );
/** /**
* \brief Do a private RSA to sign a message digest * \brief Do a private RSA to sign a message digest
* *
* \deprecated It is deprecated and discouraged to call this function as
* future versions of the library are likely to remove it.
*
* \param ctx PKCS #11 context * \param ctx PKCS #11 context
* \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature * \param mode must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
* \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
@ -132,28 +169,32 @@ int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
* \note The "sig" buffer must be as large as the size * \note The "sig" buffer must be as large as the size
* of ctx->N (eg. 128 bytes if RSA-1024 is used). * of ctx->N (eg. 128 bytes if RSA-1024 is used).
*/ */
int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx, MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
int mode, int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
unsigned char *sig ); unsigned char *sig );
/** /**
* SSL/TLS wrappers for PKCS#11 functions * SSL/TLS wrappers for PKCS#11 functions
*
* \deprecated It is deprecated and discouraged to call these functions as
* future versions of the library are likely to remove them.
*/ */
static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen, MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
const unsigned char *input, unsigned char *output, int mode, size_t *olen,
size_t output_max_len ) const unsigned char *input, unsigned char *output,
size_t output_max_len )
{ {
return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output, return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
output_max_len ); output_max_len );
} }
static inline int mbedtls_ssl_pkcs11_sign( void *ctx, MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig ) const unsigned char *hash, unsigned char *sig )
{ {
((void) f_rng); ((void) f_rng);
((void) p_rng); ((void) p_rng);
@ -161,11 +202,13 @@ static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
hashlen, hash, sig ); hashlen, hash, sig );
} }
static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx ) MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
{ {
return ( (mbedtls_pkcs11_context *) ctx )->len; return ( (mbedtls_pkcs11_context *) ctx )->len;
} }
#undef MBEDTLS_DEPRECATED
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif