Deprecate mbedtls_cipher_auth_xxcrypt()
This temporarily breaks all.sh '*deprecated*' (deprecated functions still used
in the library), which will be fix in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 24524c5..9ae2f06 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -857,9 +857,17 @@
unsigned char *output, size_t *olen );
#if defined(MBEDTLS_CIPHER_MODE_AEAD)
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_WARNING */
/**
* \brief The generic authenticated encryption (AEAD) function.
*
+ * \deprecated Superseded by mbedtls_cipher_auth_encrypt_ext().
+ *
* \note This function only supports AEAD algorithms, not key
* wrapping algorithms such as NIST_KW; for this, see
* mbedtls_cipher_auth_encrypt_ext().
@@ -906,14 +914,17 @@
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
- unsigned char *tag, size_t tag_len );
+ unsigned char *tag, size_t tag_len )
+ MBEDTLS_DEPRECATED;
/**
* \brief The generic authenticated decryption (AEAD) function.
*
+ * \deprecated Superseded by mbedtls_cipher_auth_decrypt_ext().
+ *
* \note This function only supports AEAD algorithms, not key
* wrapping algorithms such as NIST_KW; for this, see
- * mbedtls_cipher_auth_encrypt_ext().
+ * mbedtls_cipher_auth_decrypt_ext().
*
* \note If the data is not authentic, then the output buffer
* is zeroed out to prevent the unauthentic plaintext being
@@ -962,7 +973,10 @@
const unsigned char *ad, size_t ad_len,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen,
- const unsigned char *tag, size_t tag_len );
+ const unsigned char *tag, size_t tag_len )
+ MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
diff --git a/library/cipher.c b/library/cipher.c
index 47dafa4..44cba34 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1469,6 +1469,7 @@
return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
}
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/*
* Packet-oriented encryption for AEAD modes: public function.
*/
@@ -1536,6 +1537,7 @@
input, ilen, output, olen,
tag, tag_len ) );
}
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#endif /* MBEDTLS_CIPHER_MODE_AEAD */
#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 543ccf6..3b6d1e3 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1022,17 +1022,10 @@
int ret;
int using_nist_kw, using_nist_kw_padding;
- unsigned char output[300]; /* Temporary buffer for results of
- * encryption and decryption. */
- unsigned char *output_tag = NULL; /* Temporary buffer for tag in the
- * encryption step. */
mbedtls_cipher_context_t ctx;
size_t outlen;
- unsigned char *tmp_tag = NULL;
- unsigned char *tmp_cipher = NULL;
-
unsigned char *cipher_plus_tag = NULL;
size_t cipher_plus_tag_len;
unsigned char *decrypt_buf = NULL;
@@ -1040,8 +1033,19 @@
unsigned char *encrypt_buf = NULL;
size_t encrypt_buf_len = 0;
- mbedtls_cipher_init( &ctx );
+#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
+ !defined(MBEDTLS_DEPRECATED_REMOVED)
+ unsigned char output[300]; /* Temporary buffer for results of
+ * encryption and decryption. */
+ unsigned char *output_tag = NULL; /* Temporary buffer for tag in the
+ * encryption step. */
+ unsigned char *tmp_tag = NULL;
+ unsigned char *tmp_cipher = NULL;
+
memset( output, 0xFF, sizeof( output ) );
+#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
+
+ mbedtls_cipher_init( &ctx );
/* Initialize PSA Crypto */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1062,6 +1066,12 @@
cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
using_nist_kw_padding;
+ /****************************************************************
+ * *
+ * Part 1: non-deprecated API *
+ * *
+ ****************************************************************/
+
/*
* Prepare context for decryption
*/
@@ -1126,7 +1136,7 @@
TEST_ASSERT( memcmp( decrypt_buf, clear->x, clear->len ) == 0 );
}
- /* Free this, but keep cipher_plus_tag for legacy function with PSA */
+ /* Free this, but keep cipher_plus_tag for deprecated function with PSA */
mbedtls_free( decrypt_buf );
decrypt_buf = NULL;
@@ -1187,6 +1197,15 @@
encrypt_buf = NULL;
}
+ /****************************************************************
+ * *
+ * Part 2: deprecated API *
+ * *
+ ****************************************************************/
+
+#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
+ !defined(MBEDTLS_DEPRECATED_REMOVED)
+
/*
* Prepare context for decryption
*/
@@ -1278,6 +1297,8 @@
}
}
+#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
+
exit:
mbedtls_cipher_free( &ctx );