diff --git a/ChangeLog b/ChangeLog index 4b0c1ebd3..e02a6ac18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,14 @@ Features suppressing the CA list in Certificate Request messages. The default behaviour has not changed, namely every configured CAs name is included. +API Changes + * The following functions in the AES module have been deprecated and replaced + by the functions shown below. The new functions change the return type from + void to int to allow returning error codes when using MBEDTLS_AES_ALT, + MBEDTLS_AES_DECRYPT_ALT or MBEDTLS_AES_ENCRYPT_ALT. + mbedtls_aes_decrypt() -> mbedtls_internal_aes_decrypt() + mbedtls_aes_encrypt() -> mbedtls_internal_aes_encrypt() + Bugfix * Remove macros from compat-1.3.h that correspond to deleted items from most recent versions of the library. Found by Kyle Keen. diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index a36e825a2..b5560cc81 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -39,6 +39,11 @@ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + #if !defined(MBEDTLS_AES_ALT) // Regular implementation // @@ -253,10 +258,12 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, * \param ctx AES context * \param input Plaintext block * \param output Output (ciphertext) block + * + * \return 0 if successful */ -void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Internal AES block decryption function @@ -266,10 +273,59 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * \param ctx AES context * \param input Ciphertext block * \param output Output (plaintext) block + * + * \return 0 if successful */ -void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ); +int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); + +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +#if defined(MBEDTLS_DEPRECATED_WARNING) +#define MBEDTLS_DEPRECATED __attribute__((deprecated)) +#else +#define MBEDTLS_DEPRECATED +#endif +/** + * \brief Internal AES block encryption function + * (Only exposed to allow overriding it, + * see MBEDTLS_AES_ENCRYPT_ALT) + * + * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 + * + * \param ctx AES context + * \param input Plaintext block + * \param output Output (ciphertext) block + */ +MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( + mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + +/** + * \brief Internal AES block decryption function + * (Only exposed to allow overriding it, + * see MBEDTLS_AES_DECRYPT_ALT) + * + * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 + * + * \param ctx AES context + * \param input Ciphertext block + * \param output Output (plaintext) block + */ +MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( + mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + +#undef MBEDTLS_DEPRECATED +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #ifdef __cplusplus } diff --git a/library/aes.c b/library/aes.c index a186dee98..5e01c4f2b 100644 --- a/library/aes.c +++ b/library/aes.c @@ -710,9 +710,9 @@ exit: * AES-ECB block encryption */ #if !defined(MBEDTLS_AES_ENCRYPT_ALT) -void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) { int i; uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; @@ -760,6 +760,8 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, PUT_UINT32_LE( X1, output, 4 ); PUT_UINT32_LE( X2, output, 8 ); PUT_UINT32_LE( X3, output, 12 ); + + return( 0 ); } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ @@ -767,9 +769,9 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, * AES-ECB block decryption */ #if !defined(MBEDTLS_AES_DECRYPT_ALT) -void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) +int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) { int i; uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; @@ -817,6 +819,8 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, PUT_UINT32_LE( X1, output, 4 ); PUT_UINT32_LE( X2, output, 8 ); PUT_UINT32_LE( X3, output, 12 ); + + return( 0 ); } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ @@ -846,11 +850,9 @@ int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx, #endif if( mode == MBEDTLS_AES_ENCRYPT ) - mbedtls_aes_encrypt( ctx, input, output ); + return( mbedtls_internal_aes_encrypt( ctx, input, output ) ); else - mbedtls_aes_decrypt( ctx, input, output ); - - return( 0 ); + return( mbedtls_internal_aes_decrypt( ctx, input, output ) ); } #if defined(MBEDTLS_CIPHER_MODE_CBC)