Rm dead !USE_PSA code: ssl_tls13_xxx (part 1)

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-05-08 16:15:04 +08:00 · 2025-01-23 09:46:14 +01:00 · 2025-01-23 09:46:14 +01:00 · 855f5bf244
commit 855f5bf244
parent 48e0e3a356
2 changed files with 0 additions and 69 deletions
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -925,23 +925,17 @@ int mbedtls_ssl_tls13_populate_transform(
    mbedtls_ssl_key_set const *traffic_keys,
    mbedtls_ssl_context *ssl /* DEBUG ONLY */)
 {
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-    int ret;
-    mbedtls_cipher_info_t const *cipher_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
    unsigned char const *key_enc;
    unsigned char const *iv_enc;
    unsigned char const *key_dec;
    unsigned char const *iv_dec;

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_key_type_t key_type;
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_algorithm_t alg;
    size_t key_bits;
    psa_status_t status = PSA_SUCCESS;
-#endif

 #if !defined(MBEDTLS_DEBUG_C)
    ssl = NULL; /* make sure we don't use it except for those cases */
@ -955,29 +949,6 @@ int mbedtls_ssl_tls13_populate_transform(
        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
    }

-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-    cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
-    if (cipher_info == NULL) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
-                                  ciphersuite_info->cipher));
-        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-    }
-
-    /*
-     * Setup cipher contexts in target transform
-     */
-    if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
-                                    cipher_info)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
-        return ret;
-    }
-
-    if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
-                                    cipher_info)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
-        return ret;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 #if defined(MBEDTLS_SSL_SRV_C)
    if (endpoint == MBEDTLS_SSL_IS_SERVER) {
@ -1003,21 +974,6 @@ int mbedtls_ssl_tls13_populate_transform(
    memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len);
    memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len);

-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-    if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
-                                     key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
-                                     MBEDTLS_ENCRYPT)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
-        return ret;
-    }
-
-    if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
-                                     key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
-                                     MBEDTLS_DECRYPT)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
-        return ret;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    /*
     * Setup other fields in SSL transform
@ -1041,7 +997,6 @@ int mbedtls_ssl_tls13_populate_transform(
    transform->minlen =
        transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    /*
     * Setup psa keys and alg
     */
@ -1082,7 +1037,6 @@ int mbedtls_ssl_tls13_populate_transform(
            return PSA_TO_MBEDTLS_ERR(status);
        }
    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    return 0;
 }
@ -1839,7 +1793,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
                                           unsigned char **psk,
                                           size_t *psk_len)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

@ -1869,14 +1822,6 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl,
        return PSA_TO_MBEDTLS_ERR(status);
    }
    return 0;
-#else
-    *psk = ssl->handshake->psk;
-    *psk_len = ssl->handshake->psk_len;
-    if (*psk == NULL) {
-        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    }
-    return 0;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
 }
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */

--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@ -435,9 +435,7 @@ static int ssl_tls13_offered_psks_check_binder_match(
                                              psk, psk_len, psk_type,
                                              transcript,
                                              server_computed_binder);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_free((void *) psk);
-#endif
    if (ret != 0) {
        MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed."));
        return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
@ -739,11 +737,7 @@ static int ssl_tls13_write_server_pre_shared_key_ext(mbedtls_ssl_context *ssl,
    *olen = 0;

    int not_using_psk = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
-#else
-    not_using_psk = (ssl->handshake->psk == NULL);
-#endif
    if (not_using_psk) {
        /* We shouldn't have called this extension writer unless we've
         * chosen to use a PSK. */
@ -1078,7 +1072,6 @@ static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ss
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && \
    defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
 {
    switch (sig_alg) {
@ -1104,7 +1097,6 @@ static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
            return PSA_ALG_NONE;
    }
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 /*
 * Pick best ( private key, certificate chain ) pair based on the signature
@ -1139,9 +1131,7 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)

        for (key_cert = key_cert_list; key_cert != NULL;
             key_cert = key_cert->next) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
            psa_algorithm_t psa_alg = PSA_ALG_NONE;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

            MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate",
                                  key_cert->cert);
@ -1165,17 +1155,13 @@ static int ssl_tls13_pick_key_cert(mbedtls_ssl_context *ssl)
                                   "check signature algorithm %s [%04x]",
                                   mbedtls_ssl_sig_alg_to_str(*sig_alg),
                                   *sig_alg));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
            psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

            if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
                    *sig_alg, &key_cert->cert->pk)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
                && psa_alg != PSA_ALG_NONE &&
                mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
                                      PSA_KEY_USAGE_SIGN_HASH) == 1
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
                ) {
                ssl->handshake->key_cert = key_cert;
                MBEDTLS_SSL_DEBUG_MSG(3,