mbedtls_ecp_write_key(): deprecate the old function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/ChangeLog.d/ecp_write_key.txt b/ChangeLog.d/ecp_write_key.txt
index 1961239..73354c8 100644
--- a/ChangeLog.d/ecp_write_key.txt
+++ b/ChangeLog.d/ecp_write_key.txt
@@ -2,3 +2,7 @@
* The new function mbedtls_ecp_write_key_ext() is similar to
mbedtls_ecp_write_key(), but can be used without separately calculating
the output length.
+
+New deprecations
+ * mbedtls_ecp_write_key() is deprecated in favor of
+ mbedtls_ecp_write_key_ext().
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 58fc5e5..05778cd 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -24,6 +24,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include "mbedtls/bignum.h"
@@ -1327,10 +1328,11 @@
int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
const unsigned char *buf, size_t buflen);
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief This function exports an elliptic curve private key.
*
- * \note Note that although this function accepts an output
+ * \deprecated Note that although this function accepts an output
* buffer that is smaller or larger than the key, most key
* import interfaces require the output to have exactly
* key's nominal length. It is generally simplest to
@@ -1340,6 +1342,8 @@
* how to calculate the nominal length.
* To avoid this difficulty, use mbedtls_ecp_write_key_ext()
* instead.
+ * mbedtls_ecp_write_key() is deprecated and will be
+ * removed in a future version of the library.
*
* \note If the private key was not set in \p key,
* the output is unspecified. Future versions
@@ -1369,8 +1373,9 @@
* representation is larger than the available space in \p buf.
* \return Another negative error code on different kinds of failure.
*/
-int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
- unsigned char *buf, size_t buflen);
+int MBEDTLS_DEPRECATED mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+ unsigned char *buf, size_t buflen);
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
/**
* \brief This function exports an elliptic curve private key.
diff --git a/library/ecp.c b/library/ecp.c
index 930102f..0dadaea 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -3302,6 +3302,7 @@
/*
* Write a private key.
*/
+#if !defined MBEDTLS_DEPRECATED_REMOVED
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
unsigned char *buf, size_t buflen)
{
@@ -3332,6 +3333,7 @@
return ret;
}
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
int mbedtls_ecp_write_key_ext(mbedtls_ecp_keypair *key,
size_t *olen, unsigned char *buf, size_t buflen)
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index ef0781b..9b5c86f 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1213,10 +1213,12 @@
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
buf, length);
+#if defined(MBEDTLS_TEST_DEPRECATED)
memset(buf, 0, sizeof(buf));
TEST_EQUAL(mbedtls_ecp_write_key(&key, buf, in_key->len), 0);
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
buf, in_key->len);
+#endif /* MBEDTLS_TEST_DEPRECATED */
} else {
unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
@@ -1232,6 +1234,7 @@
TEST_MEMORY_COMPARE(export1, length1,
export2, length2);
+#if defined(MBEDTLS_TEST_DEPRECATED)
memset(export1, 0, sizeof(export1));
memset(export2, 0, sizeof(export2));
TEST_EQUAL(mbedtls_ecp_write_key(&key, export1, in_key->len), 0);
@@ -1240,6 +1243,7 @@
TEST_EQUAL(mbedtls_ecp_write_key(&key2, export2, in_key->len), 0);
TEST_MEMORY_COMPARE(export1, in_key->len,
export2, in_key->len);
+#endif /* MBEDTLS_TEST_DEPRECATED */
}
}
@@ -1249,7 +1253,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_DEPRECATED */
void ecp_write_key(int grp_id, data_t *in_key,
int exported_size, int expected_ret)
{