diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index bb020800e2..5f0a7cde84 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -41,11 +41,26 @@ extern "C" { /* We don't support Camellia or ARIA in this module */ #if defined(MBEDTLS_AES_C) -#define MBEDTLS_CIPHER_BLKSIZE_MAX 16 /**< The longest block used by CMAC is that of AES. */ +#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 16 /**< The longest block used by CMAC is that of AES. */ #else -#define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /**< The longest block used by CMAC is that of 3DES. */ +#define MBEDTLS_CMAC_MAX_BLOCK_SIZE 8 /**< The longest block used by CMAC is that of 3DES. */ #endif +/** The longest block supported by the cipher module. + * + * \deprecated + * For the maximum block size of a cipher supported by the CMAC module, + * use #MBEDTLS_CMAC_MAX_BLOCK_SIZE. + * For the maximum block size of a cipher supported by the cipher module, + * use #MBEDTLS_MAX_BLOCK_LENGTH. + */ +/* Before Mbed TLS 3.5, this was the maximum block size supported by the CMAC + * module, so it didn't take Camellia or ARIA into account. Since the name + * of the macro doesn't even convey "CMAC", this was misleading. Now the size + * is sufficient for any cipher, but the name is defined in cmac.h for + * backward compatibility. */ +#define MBEDTLS_CIPHER_BLKSIZE_MAX MBEDTLS_MAX_BLOCK_LENGTH + #if !defined(MBEDTLS_CMAC_ALT) /** diff --git a/tests/suites/test_suite_cmac.function b/tests/suites/test_suite_cmac.function index 4597550502..71b5f00667 100644 --- a/tests/suites/test_suite_cmac.function +++ b/tests/suites/test_suite_cmac.function @@ -113,6 +113,8 @@ void mbedtls_cmac_setkey(int cipher_type, int key_size, int result) != NULL); TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info), MBEDTLS_CIPHER_BLKSIZE_MAX); + TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info), + MBEDTLS_CMAC_MAX_BLOCK_SIZE); memset(buf, 0x2A, sizeof(buf)); TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size,