Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index 363f812..18a53cf 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -52,6 +52,7 @@
#if defined(MBEDTLS_ASN1_PARSE_C)
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief PKCS12 Password Based function (encryption / decryption)
* for cipher-based and mbedtls_md-based PBE's
@@ -59,6 +60,10 @@
* \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
* be enabled at compile time.
*
+ * \deprecated This function is deprecated and will be removed in a
+ * future version of the library.
+ * Please use mbedtls_pkcs12_pbe_ext() instead.
+ *
* \warning When decrypting:
* - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
* time, this function validates the CBC padding and returns
@@ -93,11 +98,12 @@
*
* \return 0 if successful, or a MBEDTLS_ERR_XXX code
*/
-int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
+int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
const unsigned char *data, size_t len,
unsigned char *output);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
diff --git a/library/pkcs12.c b/library/pkcs12.c
index ad0f9e6..dd3a240 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -138,6 +138,7 @@
size_t *output_len);
#endif
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
const unsigned char *pwd, size_t pwdlen,
@@ -154,6 +155,7 @@
pwd, pwdlen, data, len, output, SIZE_MAX,
&output_len);
}
+#endif
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
diff --git a/library/pkparse.c b/library/pkparse.c
index 188cc28..9a8c7ee 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1417,13 +1417,12 @@
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
return MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
-#if !defined(MBEDTLS_PKCS12_C)
end = p + len;
if (end != (key + keylen)) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
-#endif
+
return 0;
}
@@ -1498,16 +1497,16 @@
*/
#if defined(MBEDTLS_PKCS12_C)
if (mbedtls_oid_get_pkcs12_pbe_alg(&pbe_alg_oid, &md_alg, &cipher_alg) == 0) {
- if ((ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
+ if ((ret = mbedtls_pkcs12_pbe_ext(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT,
cipher_alg, md_alg,
- pwd, pwdlen, p, len, buf)) != 0) {
+ pwd, pwdlen, p, len, buf, len, &outlen)) != 0) {
if (ret == MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH) {
return MBEDTLS_ERR_PK_PASSWORD_MISMATCH;
}
return ret;
}
- outlen = len;
+
decrypted = 1;
} else
#endif /* MBEDTLS_PKCS12_C */
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 3e8ff5b..1d0c287 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -90,6 +90,7 @@
pbe_params.len = params_hex->len;
pbe_params.p = params_hex->x;
+#if defined(MBEDTLS_TEST_DEPRECATED)
if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_ENCRYPT, cipher_alg,
md_alg, pw->x, pw->len, data->x, data->len, my_out);
@@ -99,6 +100,7 @@
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
+#endif
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
@@ -143,6 +145,7 @@
pbe_params.len = params_hex->len;
pbe_params.p = params_hex->x;
+#if defined(MBEDTLS_TEST_DEPRECATED)
if (ref_ret != MBEDTLS_ERR_ASN1_BUF_TOO_SMALL) {
my_ret = mbedtls_pkcs12_pbe(&pbe_params, MBEDTLS_PKCS12_PBE_DECRYPT, cipher_alg,
md_alg, pw->x, pw->len, data->x, data->len, my_out);
@@ -153,6 +156,7 @@
ASSERT_COMPARE(my_out, ref_out->len,
ref_out->x, ref_out->len);
}
+#endif
#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)