compile time warning of 128bit ctr_drbg keys and standardized warnings
a compile time print was added warning in case of 128bit ctr_drbg keys.
This was don't to avoid an actual warning in these cases
(making build with warnings as errors possible).
Additional warnings on the Changelog/headers were set to use the same phrasing
phrasing was approved by Gilles and Janos.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 157eeba..3471001 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -36,10 +36,26 @@
"${NULL_ENTROPY_WARN_L3}"
"${WARNING_BORDER}")
-find_package(PythonInterp)
+set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
+
+set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
+ "${WARNING_BORDER}")
+
find_package(Perl)
if(PERL_FOUND)
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ RESULT_VARIABLE result)
+ if(${result} EQUAL 0)
+ message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
+ endif()
+
# If NULL Entropy is configured, display an appropriate warning
execute_process(COMMAND ${PERL_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.pl -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY
RESULT_VARIABLE result)
diff --git a/ChangeLog b/ChangeLog
index d43ba74..7bc6710 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -71,8 +71,8 @@
independently contributed again by Paul Sokolovsky.
* Add support for key wrapping modes based on AES as defined by
NIST SP 800-38F algorithms KW and KWP and by RFC 3394 and RFC 5649.
- * Add support different keys sizes to CTR_CRBG. Note: using shorter keys
- than 256 bit may decrease security.
+ * Add support for 128-bit keys in CTR_DRBG. Note that using keys shorter
+ than 256 bits limits the security of generated material to 128 bits.
Bugfix
* Fix the key_app_writer example which was writing a leading zero byte which
diff --git a/Makefile b/Makefile
index 78c1acb..f4c0a00 100644
--- a/Makefile
+++ b/Makefile
@@ -61,9 +61,21 @@
NULL_ENTROPY_WARNING=\n$(WARNING_BORDER)$(NULL_ENTROPY_WARN_L1)$(NULL_ENTROPY_WARN_L2)$(NULL_ENTROPY_WARN_L3)$(WARNING_BORDER)
+WARNING_BORDER_LONG =**********************************************************************************\n
+CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n
+CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n
+CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n
+
+CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG)
+
# Post build steps
post_build:
ifndef WINDOWS
+
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ -scripts/config.pl get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \
+ echo '$(CTR_DRBG_128_BIT_KEY_WARNING)'
+
# If NULL Entropy is configured, display an appropriate warning
-scripts/config.pl get MBEDTLS_TEST_NULL_ENTROPY && ([ $$? -eq 0 ]) && \
echo '$(NULL_ENTROPY_WARNING)'
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 5e0d1f0..f08a979 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -11,8 +11,8 @@
* The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
* as the underlying block cipher.
*
- * * \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. We recommend considering stronger ciphers instead.
+ * \warning Using 128-bit keys for CTR_DRBG limits the security of generated
+ * keys and operations that use random values generated to 128-bit security.
*/
/*
* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved