From b2aacec417d74f68d1eb01581e353b6623df706e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 18 May 2017 16:53:08 +0300 Subject: [PATCH 1/7] Take Cryptographic API outside the XXX_ALT check The cryptographic API should not be related to whether or not there is alternative implementation. The API should be same for regular implementation, and for alternative implementation, so it is defined outside of the XXX_ALT precompilation check in the cryptographic API header --- ChangeLog | 3 +++ include/mbedtls/aes.h | 24 ++++++++---------------- include/mbedtls/arc4.h | 24 ++++++++---------------- include/mbedtls/blowfish.h | 16 ++++++++-------- include/mbedtls/camellia.h | 24 ++++++++---------------- include/mbedtls/des.h | 23 ++++++++--------------- include/mbedtls/md2.h | 24 ++++++++---------------- include/mbedtls/md4.h | 24 ++++++++---------------- include/mbedtls/md5.h | 24 ++++++++---------------- include/mbedtls/ripemd160.h | 24 ++++++++---------------- include/mbedtls/sha1.h | 24 ++++++++---------------- include/mbedtls/sha256.h | 23 ++++++++--------------- include/mbedtls/sha512.h | 24 ++++++++---------------- include/mbedtls/xtea.h | 24 ++++++++---------------- 14 files changed, 107 insertions(+), 198 deletions(-) diff --git a/ChangeLog b/ChangeLog index aaf34fcef..4249de766 100644 --- a/ChangeLog +++ b/ChangeLog @@ -135,6 +135,9 @@ Changes * Clarify the documentation of mbedtls_ssl_setup. * Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 + * Put the Cryptographic API outside of the XXX_ALT macro check, so + alternative header file will not need to redefined the same API, + and to force alternative implementer to use the same API. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 46016dcb7..9043ddac4 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -59,14 +59,14 @@ #define inline __inline #endif -#if !defined(MBEDTLS_AES_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_AES_ALT) +// Regular implementation +// + /** * \brief The AES context-type definition. */ @@ -85,6 +85,10 @@ typedef struct } mbedtls_aes_context; +#else /* MBEDTLS_AES_ALT */ +#include "aes_alt.h" +#endif /* MBEDTLS_AES_ALT */ + /** * \brief This function initializes the specified AES context. * @@ -391,18 +395,6 @@ MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_AES_ALT */ -#include "aes_alt.h" -#endif /* MBEDTLS_AES_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine. * diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index f9d93f822..f11fc5be0 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -38,14 +38,14 @@ #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED -0x0019 /**< ARC4 hardware accelerator failed. */ -#if !defined(MBEDTLS_ARC4_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_ARC4_ALT) +// Regular implementation +// + /** * \brief ARC4 context structure * @@ -61,6 +61,10 @@ typedef struct } mbedtls_arc4_context; +#else /* MBEDTLS_ARC4_ALT */ +#include "arc4_alt.h" +#endif /* MBEDTLS_ARC4_ALT */ + /** * \brief Initialize ARC4 context * @@ -118,18 +122,6 @@ void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, unsigned char *output ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_ARC4_ALT */ -#include "arc4_alt.h" -#endif /* MBEDTLS_ARC4_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index c0ef5a04c..22479be5a 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -44,14 +44,14 @@ #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED -0x0017 /**< Blowfish hardware accelerator failed. */ #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */ -#if !defined(MBEDTLS_BLOWFISH_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_BLOWFISH_ALT) +// Regular implementation +// + /** * \brief Blowfish context structure */ @@ -62,6 +62,10 @@ typedef struct } mbedtls_blowfish_context; +#else /* MBEDTLS_BLOWFISH_ALT */ +#include "blowfish_alt.h" +#endif /* MBEDTLS_BLOWFISH_ALT */ + /** * \brief Initialize Blowfish context * @@ -198,8 +202,4 @@ int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, } #endif -#else /* MBEDTLS_BLOWFISH_ALT */ -#include "blowfish_alt.h" -#endif /* MBEDTLS_BLOWFISH_ALT */ - #endif /* blowfish.h */ diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index cf07629d9..f0466bfd7 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -40,14 +40,14 @@ #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */ #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED -0x0027 /**< Camellia hardware accelerator failed. */ -#if !defined(MBEDTLS_CAMELLIA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_CAMELLIA_ALT) +// Regular implementation +// + /** * \brief CAMELLIA context structure */ @@ -58,6 +58,10 @@ typedef struct } mbedtls_camellia_context; +#else /* MBEDTLS_CAMELLIA_ALT */ +#include "camellia_alt.h" +#endif /* MBEDTLS_CAMELLIA_ALT */ + /** * \brief Initialize CAMELLIA context * @@ -211,18 +215,6 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx, unsigned char *output ); #endif /* MBEDTLS_CIPHER_MODE_CTR */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_CAMELLIA_ALT */ -#include "camellia_alt.h" -#endif /* MBEDTLS_CAMELLIA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 5a1a63652..b0a82df9b 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -46,14 +46,14 @@ #define MBEDTLS_DES_KEY_SIZE 8 -#if !defined(MBEDTLS_DES_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_DES_ALT) +// Regular implementation +// + /** * \brief DES context structure * @@ -67,6 +67,10 @@ typedef struct } mbedtls_des_context; +#else /* MBEDTLS_DES_ALT */ +#include "des_alt.h" +#endif /* MBEDTLS_DES_ALT */ + /** * \brief Triple-DES context structure */ @@ -331,17 +335,6 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx, */ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_DES_ALT */ -#include "des_alt.h" -#endif /* MBEDTLS_DES_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif /** * \brief Checkup routine diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 0fd8b5afc..08e75b247 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED -0x002B /**< MD2 hardware accelerator failed */ -#if !defined(MBEDTLS_MD2_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD2_ALT) +// Regular implementation +// + /** * \brief MD2 context structure * @@ -64,6 +64,10 @@ typedef struct } mbedtls_md2_context; +#else /* MBEDTLS_MD2_ALT */ +#include "md2_alt.h" +#endif /* MBEDTLS_MD2_ALT */ + /** * \brief Initialize MD2 context * @@ -235,18 +239,6 @@ MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD2_ALT */ -#include "md2_alt.h" -#endif /* MBEDTLS_MD2_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD2( input buffer ) * diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index 23fa95e46..8ee4e5cab 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -40,14 +40,14 @@ #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED -0x002D /**< MD4 hardware accelerator failed */ -#if !defined(MBEDTLS_MD4_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD4_ALT) +// Regular implementation +// + /** * \brief MD4 context structure * @@ -64,6 +64,10 @@ typedef struct } mbedtls_md4_context; +#else /* MBEDTLS_MD4_ALT */ +#include "md4_alt.h" +#endif /* MBEDTLS_MD4_ALT */ + /** * \brief Initialize MD4 context * @@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD4_ALT */ -#include "md4_alt.h" -#endif /* MBEDTLS_MD4_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD4( input buffer ) * diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 06ea4c5d4..43ead4b74 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED -0x002F /**< MD5 hardware accelerator failed */ -#if !defined(MBEDTLS_MD5_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_MD5_ALT) +// Regular implementation +// + /** * \brief MD5 context structure * @@ -63,6 +63,10 @@ typedef struct } mbedtls_md5_context; +#else /* MBEDTLS_MD5_ALT */ +#include "md5_alt.h" +#endif /* MBEDTLS_MD5_ALT */ + /** * \brief Initialize MD5 context * @@ -238,18 +242,6 @@ MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_MD5_ALT */ -#include "md5_alt.h" -#endif /* MBEDTLS_MD5_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = MD5( input buffer ) * diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 3a8b50a62..a0dac0c36 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED -0x0031 /**< RIPEMD160 hardware accelerator failed */ -#if !defined(MBEDTLS_RIPEMD160_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_RIPEMD160_ALT) +// Regular implementation +// + /** * \brief RIPEMD-160 context structure */ @@ -54,6 +54,10 @@ typedef struct } mbedtls_ripemd160_context; +#else /* MBEDTLS_RIPEMD160_ALT */ +#include "ripemd160.h" +#endif /* MBEDTLS_RIPEMD160_ALT */ + /** * \brief Initialize RIPEMD-160 context * @@ -178,18 +182,6 @@ MBEDTLS_DEPRECATED void mbedtls_ripemd160_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_RIPEMD160_ALT */ -#include "ripemd160_alt.h" -#endif /* MBEDTLS_RIPEMD160_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Output = RIPEMD-160( input buffer ) * diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 05540cde1..5fd02d3c0 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED -0x0035 /**< SHA-1 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA1_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA1_ALT) +// Regular implementation +// + /** * \brief The SHA-1 context structure. * @@ -63,6 +63,10 @@ typedef struct } mbedtls_sha1_context; +#else /* MBEDTLS_SHA1_ALT */ +#include "sha1_alt.h" +#endif /* MBEDTLS_SHA1_ALT */ + /** * \brief This function initializes a SHA-1 context. * @@ -240,18 +244,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA1_ALT */ -#include "sha1_alt.h" -#endif /* MBEDTLS_SHA1_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief This function calculates the SHA-1 checksum of a buffer. * diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index ffb16c277..8d7a1f733 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED -0x0037 /**< SHA-256 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA256_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA256_ALT) +// Regular implementation +// + /** * \brief The SHA-256 context structure. * @@ -61,6 +61,10 @@ typedef struct } mbedtls_sha256_context; +#else /* MBEDTLS_SHA256_ALT */ +#include "sha256_alt.h" +#endif /* MBEDTLS_SHA256_ALT */ + /** * \brief This function initializes a SHA-256 context. * @@ -196,17 +200,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx, #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA256_ALT */ -#include "sha256_alt.h" -#endif /* MBEDTLS_SHA256_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif /** * \brief This function calculates the SHA-224 or SHA-256 diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 8404a2d59..c4eb5a93c 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -35,14 +35,14 @@ #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED -0x0039 /**< SHA-512 hardware accelerator failed */ -#if !defined(MBEDTLS_SHA512_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_SHA512_ALT) +// Regular implementation +// + /** * \brief The SHA-512 context structure. * @@ -61,6 +61,10 @@ typedef struct } mbedtls_sha512_context; +#else /* MBEDTLS_SHA512_ALT */ +#include "sha512_alt.h" +#endif /* MBEDTLS_SHA512_ALT */ + /** * \brief This function initializes a SHA-512 context. * @@ -198,18 +202,6 @@ MBEDTLS_DEPRECATED void mbedtls_sha512_process( #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_SHA512_ALT */ -#include "sha512_alt.h" -#endif /* MBEDTLS_SHA512_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief This function calculates the SHA-512 or SHA-384 * checksum of a buffer. diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 34ccee3c2..8df708a3a 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h @@ -39,14 +39,14 @@ #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. */ #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED -0x0029 /**< XTEA hardware accelerator failed. */ -#if !defined(MBEDTLS_XTEA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_XTEA_ALT) +// Regular implementation +// + /** * \brief XTEA context structure */ @@ -56,6 +56,10 @@ typedef struct } mbedtls_xtea_context; +#else /* MBEDTLS_XTEA_ALT */ +#include "xtea_alt.h" +#endif /* MBEDTLS_XTEA_ALT */ + /** * \brief Initialize XTEA context * @@ -115,18 +119,6 @@ int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, unsigned char *output); #endif /* MBEDTLS_CIPHER_MODE_CBC */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_XTEA_ALT */ -#include "xtea_alt.h" -#endif /* MBEDTLS_XTEA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * From 4e6d55d14d1156c20f184640d9b259402da579f5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 16:36:15 +0200 Subject: [PATCH 2/7] Add new modules to the refactoring Add new alternative supported modules to the new arcitecture design --- include/mbedtls/ccm.h | 22 ++++++++-------------- include/mbedtls/cmac.h | 16 ++++------------ include/mbedtls/dhm.h | 19 ++++++------------- include/mbedtls/ecjpake.h | 20 +++++++------------- include/mbedtls/gcm.h | 20 ++++++-------------- include/mbedtls/rsa.h | 24 ++++++++---------------- 6 files changed, 39 insertions(+), 82 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 630b7fdf6..48f73edda 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -40,14 +40,15 @@ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ -#if !defined(MBEDTLS_CCM_ALT) -// Regular implementation -// #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_CCM_ALT) +// Regular implementation +// + /** * \brief The CCM context-type definition. The CCM context is passed * to the APIs called. @@ -57,6 +58,10 @@ typedef struct { } mbedtls_ccm_context; +#else /* MBEDTLS_CCM_ALT */ +#include "ccm_alt.h" +#endif /* MBEDTLS_CCM_ALT */ + /** * \brief This function initializes the specified CCM context, * to make references valid, and prepare the context @@ -148,17 +153,6 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_CCM_ALT */ -#include "ccm_alt.h" -#endif /* MBEDTLS_CCM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 628c9daba..bb203cf68 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -61,6 +61,10 @@ struct mbedtls_cmac_context_t size_t unprocessed_len; }; +#else /* !MBEDTLS_CMAC_ALT */ +#include "cmac_alt.h" +#endif /* !MBEDTLS_CMAC_ALT */ + /** * \brief This function sets the CMAC key, and prepares to authenticate * the input data. @@ -180,18 +184,6 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ -#ifdef __cplusplus -} -#endif - -#else /* !MBEDTLS_CMAC_ALT */ -#include "cmac_alt.h" -#endif /* !MBEDTLS_CMAC_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief The CMAC checkup routine. diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 00fafd8d1..1bf572abe 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -65,7 +65,6 @@ #include MBEDTLS_CONFIG_FILE #endif #include "bignum.h" -#if !defined(MBEDTLS_DHM_ALT) /* * DHM Error codes @@ -86,6 +85,8 @@ extern "C" { #endif +#if !defined(MBEDTLS_DHM_ALT) + /** * \brief The DHM context structure. */ @@ -105,6 +106,10 @@ typedef struct } mbedtls_dhm_context; +#else /* MBEDTLS_DHM_ALT */ +#include "dhm_alt.h" +#endif /* MBEDTLS_DHM_ALT */ + /** * \brief This function initializes the DHM context. * @@ -282,18 +287,6 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path ); #endif /* MBEDTLS_FS_IO */ #endif /* MBEDTLS_ASN1_PARSE_C */ -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_DHM_ALT */ -#include "dhm_alt.h" -#endif /* MBEDTLS_DHM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The DMH checkup routine. * diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index d86e8207f..cc2b316f5 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -44,8 +44,6 @@ #include "ecp.h" #include "md.h" -#if !defined(MBEDTLS_ECJPAKE_ALT) - #ifdef __cplusplus extern "C" { #endif @@ -58,6 +56,7 @@ typedef enum { MBEDTLS_ECJPAKE_SERVER, /**< Server */ } mbedtls_ecjpake_role; +#if !defined(MBEDTLS_ECJPAKE_ALT) /** * EC J-PAKE context structure. * @@ -88,6 +87,10 @@ typedef struct mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ } mbedtls_ecjpake_context; +#else /* MBEDTLS_ECJPAKE_ALT */ +#include "ecjpake_alt.h" +#endif /* MBEDTLS_ECJPAKE_ALT */ + /** * \brief Initialize a context * (just makes it ready for setup() or free()). @@ -225,20 +228,10 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, */ void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx ); -#ifdef __cplusplus -} -#endif -#else /* MBEDTLS_ECJPAKE_ALT */ -#include "ecjpake_alt.h" -#endif /* MBEDTLS_ECJPAKE_ALT */ #if defined(MBEDTLS_SELF_TEST) -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief Checkup routine * @@ -246,10 +239,11 @@ extern "C" { */ int mbedtls_ecjpake_self_test( int verbose ); +#endif /* MBEDTLS_SELF_TEST */ + #ifdef __cplusplus } #endif -#endif /* MBEDTLS_SELF_TEST */ #endif /* ecjpake.h */ diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1e5a507a2..c2965e977 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -42,12 +42,12 @@ #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED -0x0013 /**< GCM hardware accelerator failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ -#if !defined(MBEDTLS_GCM_ALT) - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_GCM_ALT) + /** * \brief The GCM context structure. */ @@ -66,6 +66,10 @@ typedef struct { } mbedtls_gcm_context; +#else /* !MBEDTLS_GCM_ALT */ +#include "gcm_alt.h" +#endif /* !MBEDTLS_GCM_ALT */ + /** * \brief This function initializes the specified GCM context, * to make references valid, and prepares the context @@ -236,18 +240,6 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); -#ifdef __cplusplus -} -#endif - -#else /* !MBEDTLS_GCM_ALT */ -#include "gcm_alt.h" -#endif /* !MBEDTLS_GCM_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The GCM checkup routine. * diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5548f3c12..6ede7cb1c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -76,14 +76,14 @@ * eg for alternative (PKCS#11) RSA implemenations in the PK layers. */ -#if !defined(MBEDTLS_RSA_ALT) -// Regular implementation -// - #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_RSA_ALT) +// Regular implementation +// + /** * \brief The RSA context structure. * @@ -128,6 +128,10 @@ typedef struct } mbedtls_rsa_context; +#else /* MBEDTLS_RSA_ALT */ +#include "rsa_alt.h" +#endif /* MBEDTLS_RSA_ALT */ + /** * \brief This function initializes an RSA context. * @@ -1112,18 +1116,6 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_RSA_ALT */ -#include "rsa_alt.h" -#endif /* MBEDTLS_RSA_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - /** * \brief The RSA checkup routine. * From 1c9f9be9a29b7b4d02b17877702369132515c9ed Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 7 Feb 2018 16:40:17 +0200 Subject: [PATCH 3/7] update ChangeLog Update ChangeLog with suggested rephrasing --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 4249de766..a00ad1beb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -138,7 +138,7 @@ Changes * Put the Cryptographic API outside of the XXX_ALT macro check, so alternative header file will not need to redefined the same API, and to force alternative implementer to use the same API. - + = mbed TLS 2.7.0 branch released 2018-02-03 Security From 810e650c707f9bce7d5eb679f2f5ecc85b32abc3 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 1 Apr 2018 15:59:58 +0300 Subject: [PATCH 4/7] Adjust more modules to new design Add `ecp.h` anf `timing.h` to new XXX_alt design --- ChangeLog | 2 +- include/mbedtls/ecp.h | 16 ++++++++-------- include/mbedtls/timing.h | 24 ++++++++---------------- 3 files changed, 17 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index a00ad1beb..4249de766 100644 --- a/ChangeLog +++ b/ChangeLog @@ -138,7 +138,7 @@ Changes * Put the Cryptographic API outside of the XXX_ALT macro check, so alternative header file will not need to redefined the same API, and to force alternative implementer to use the same API. - + = mbed TLS 2.7.0 branch released 2018-02-03 Security diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index d8c68233d..fe346141a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -39,6 +39,10 @@ #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */ #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED -0x4B80 /**< ECP hardware accelerator failed. */ +#ifdef __cplusplus +extern "C" { +#endif + #if !defined(MBEDTLS_ECP_ALT) /* * default mbed TLS elliptic curve arithmetic implementation @@ -48,10 +52,6 @@ * one.) */ -#ifdef __cplusplus -extern "C" { -#endif - /** * Domain parameters (curve, subgroup and generator) identifiers. * @@ -237,6 +237,10 @@ mbedtls_ecp_keypair; #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + /* * Some other constants from RFC 4492 */ @@ -679,8 +683,4 @@ int mbedtls_ecp_self_test( int verbose ); } #endif -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - #endif /* ecp.h */ diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 2c497bf4e..bbcb90688 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -30,16 +30,16 @@ #include MBEDTLS_CONFIG_FILE #endif -#if !defined(MBEDTLS_TIMING_ALT) -// Regular implementation -// - #include #ifdef __cplusplus extern "C" { #endif +#if !defined(MBEDTLS_TIMING_ALT) +// Regular implementation +// + /** * \brief timer structure */ @@ -58,6 +58,10 @@ typedef struct uint32_t fin_ms; } mbedtls_timing_delay_context; +#else /* MBEDTLS_TIMING_ALT */ +#include "timing_alt.h" +#endif /* MBEDTLS_TIMING_ALT */ + extern volatile int mbedtls_timing_alarmed; /** @@ -133,18 +137,6 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); */ int mbedtls_timing_get_delay( void *data ); -#ifdef __cplusplus -} -#endif - -#else /* MBEDTLS_TIMING_ALT */ -#include "timing_alt.h" -#endif /* MBEDTLS_TIMING_ALT */ - -#ifdef __cplusplus -extern "C" { -#endif - #if defined(MBEDTLS_SELF_TEST) /** * \brief Checkup routine From bf027e736a64af33307f15a5d1bd5c491c9b822e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Apr 2018 15:51:19 +0300 Subject: [PATCH 5/7] Minor modifications after PR review 1. Move ChangLog entry to correct location 2. Move point formats outside the ECP_ALT check, as it's part of the RFC --- ChangeLog | 6 +++--- include/mbedtls/ecp.h | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4249de766..a005eb258 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,6 +54,9 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. + * Put the Cryptographic API outside of the XXX_ALT macro check, so + alternative header file will not need to redefined the same API, + and to force alternative implementer to use the same API. = mbed TLS 2.8.0 branch released 2018-03-16 @@ -135,9 +138,6 @@ Changes * Clarify the documentation of mbedtls_ssl_setup. * Use (void) when defining functions with no parameters. Contributed by Joris Aerts. #678 - * Put the Cryptographic API outside of the XXX_ALT macro check, so - alternative header file will not need to redefined the same API, - and to force alternative implementer to use the same API. = mbed TLS 2.7.0 branch released 2018-02-03 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index fe346141a..1bc5ac9e6 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -231,16 +231,16 @@ mbedtls_ecp_keypair; /* \} name SECTION: Module settings */ +#else /* MBEDTLS_ECP_ALT */ +#include "ecp_alt.h" +#endif /* MBEDTLS_ECP_ALT */ + /* * Point formats, from RFC 4492's enum ECPointFormat */ #define MBEDTLS_ECP_PF_UNCOMPRESSED 0 /**< Uncompressed point format */ #define MBEDTLS_ECP_PF_COMPRESSED 1 /**< Compressed point format */ -#else /* MBEDTLS_ECP_ALT */ -#include "ecp_alt.h" -#endif /* MBEDTLS_ECP_ALT */ - /* * Some other constants from RFC 4492 */ From 05d0e51bb1cdace99da6571967af1c9adc3b74f8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 16 Apr 2018 17:40:04 +0300 Subject: [PATCH 6/7] Minor modifications for alt support in des and ecp 1. Add 3des context to be allowed for alternative defintion 2. Move some ecp structs, to disallow alternative definition of them, as other modules rely on them --- include/mbedtls/des.h | 8 ++++---- include/mbedtls/ecp.h | 48 +++++++++++++++++++++---------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index b0a82df9b..6eb7d03ba 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -67,10 +67,6 @@ typedef struct } mbedtls_des_context; -#else /* MBEDTLS_DES_ALT */ -#include "des_alt.h" -#endif /* MBEDTLS_DES_ALT */ - /** * \brief Triple-DES context structure */ @@ -80,6 +76,10 @@ typedef struct } mbedtls_des3_context; +#else /* MBEDTLS_DES_ALT */ +#include "des_alt.h" +#endif /* MBEDTLS_DES_ALT */ + /** * \brief Initialize DES context * diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 1bc5ac9e6..45a2452a1 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -43,15 +43,6 @@ extern "C" { #endif -#if !defined(MBEDTLS_ECP_ALT) -/* - * default mbed TLS elliptic curve arithmetic implementation - * - * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an - * alternative implementation for the whole module and it will replace this - * one.) - */ - /** * Domain parameters (curve, subgroup and generator) identifiers. * @@ -113,6 +104,15 @@ typedef struct } mbedtls_ecp_point; +#if !defined(MBEDTLS_ECP_ALT) +/* + * default mbed TLS elliptic curve arithmetic implementation + * + * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an + * alternative implementation for the whole module and it will replace this + * one.) + */ + /** * \brief ECP group structure * @@ -157,21 +157,6 @@ typedef struct } mbedtls_ecp_group; -/** - * \brief ECP key pair structure - * - * A generic key pair that could be used for ECDSA, fixed ECDH, etc. - * - * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. - */ -typedef struct -{ - mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ - mbedtls_mpi d; /*!< our secret value */ - mbedtls_ecp_point Q; /*!< our public value */ -} -mbedtls_ecp_keypair; - /** * \name SECTION: Module settings * @@ -235,6 +220,21 @@ mbedtls_ecp_keypair; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +/** + * \brief ECP key pair structure + * + * A generic key pair that could be used for ECDSA, fixed ECDH, etc. + * + * \note Members purposefully in the same order as struc mbedtls_ecdsa_context. + */ +typedef struct +{ + mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ + mbedtls_mpi d; /*!< our secret value */ + mbedtls_ecp_point Q; /*!< our public value */ +} +mbedtls_ecp_keypair; + /* * Point formats, from RFC 4492's enum ECPointFormat */ From 81021ca2da964aa34e30fba8ee672ddfbb504722 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 19 Apr 2018 20:59:06 +0200 Subject: [PATCH 7/7] Improve ChangeLog entry --- ChangeLog | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index a005eb258..f0ccec9bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -54,9 +54,11 @@ Changes Wilson #481 * Improve the documentation of mbedtls_net_accept(). Contributed by Ivan Krylov. - * Put the Cryptographic API outside of the XXX_ALT macro check, so - alternative header file will not need to redefined the same API, - and to force alternative implementer to use the same API. + * Declare functions in header files even when an alternative implementation + of the corresponding module is activated by defining the corresponding + MBEDTLS_XXX_ALT macro. This means that alternative implementations do + not need to copy the declarations, and ensures that they will have the + same API. = mbed TLS 2.8.0 branch released 2018-03-16