From f60b09b019d51e7ca0848bb42841d9d185cfa619 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 22 Jan 2025 11:49:25 +0100
Subject: [PATCH] Rm dead !USE_PSA code: X.509
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/x509*.c

Signed-off-by: Manuel Pégourié-Gonnard
---
 library/x509_crt.c | 30 ------------------------------
 library/x509write.c | 2 --
 library/x509write_crt.c | 22 ----------------------
 library/x509write_csr.c | 11 -----------
 4 files changed, 65 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index d72e2fb8ad..113eb1b072 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -32,11 +32,9 @@
 #include "mbedtls/pem.h"
 #endif
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #include "pk_internal.h"
 #include "mbedtls/platform.h"
@@ -2013,11 +2011,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 {
 int flags = 0;
 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_algorithm_t psa_algorithm;
-#else
- const mbedtls_md_info_t *md_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 size_t hash_length;
 if (ca == NULL) {
@@ -2051,7 +2045,6 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 flags |= MBEDTLS_X509_BADCRL_BAD_PK;
 }
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
 if (psa_hash_compute(psa_algorithm, crl_list->tbs.p,
@@ -2063,18 +2056,6 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
 break;
 }
-#else
- md_info = mbedtls_md_info_from_type(crl_list->sig_md);
- hash_length = mbedtls_md_get_size(md_info);
- if (mbedtls_md(md_info,
- crl_list->tbs.p,
- crl_list->tbs.len,
- hash) != 0) {
- /* Note: this can't happen except after an internal error */
- flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
- break;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 if (x509_profile_check_key(profile, &ca->pk) != 0) {
 flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
@@ -2126,16 +2107,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 {
 size_t hash_len;
 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- const mbedtls_md_info_t *md_info;
- md_info = mbedtls_md_info_from_type(child->sig_md);
- hash_len = mbedtls_md_get_size(md_info);
-
- /* Note: hash errors can happen only after an internal error */
- if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
- return -1;
- }
-#else
 psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -2149,7 +2120,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 /* Skip expensive computation on obvious mismatch */
 if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
 return -1;
diff --git a/library/x509write.c b/library/x509write.c
index 8288c892bb..0906a5a9d1 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -22,11 +22,9 @@
 #include "mbedtls/pem.h"
 #endif /* MBEDTLS_PEM_WRITE_C */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
 #include "md_psa.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #define CHECK_OVERFLOW_ADD(a, b) \
 do \
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 4bae0fbf67..8a476978a1 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -30,11 +30,9 @@
 #include "mbedtls/pem.h"
 #endif /* MBEDTLS_PEM_WRITE_C */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
 {
@@ -179,10 +177,8 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
 unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
 unsigned char *c = buf + sizeof(buf);
 size_t len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 size_t hash_length;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 memset(buf, 0, sizeof(buf));
 MBEDTLS_ASN1_CHK_ADD(len,
@@ -193,7 +189,6 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
 ctx->subject_key));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 status = psa_hash_compute(PSA_ALG_SHA_1, buf + sizeof(buf) - len, len,
@@ -203,14 +198,6 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
 if (status != PSA_SUCCESS) {
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
-#else
- ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
- buf + sizeof(buf) - len, len,
- buf + sizeof(buf) - 20);
- if (ret != 0) {
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 c = buf + sizeof(buf) - 20;
 len = 20;
@@ -403,10 +390,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
 size_t hash_length = 0;
 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 psa_algorithm_t psa_algorithm;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
 size_t len = 0;
@@ -572,7 +557,6 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 */
 /* Compute hash of CRT. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg);
 status = psa_hash_compute(psa_algorithm,
@@ -584,12 +568,6 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
 if (status != PSA_SUCCESS) {
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
-#else
- if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
- len, hash)) != 0) {
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 604c94c3e5..dd75d8f898 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -20,11 +20,9 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #include
 #include
@@ -145,10 +143,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
 size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
 size_t len = 0;
 mbedtls_pk_type_t pk_alg;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 size_t hash_len;
 psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 /* Write the CSR backwards starting from the end of buf */
 c = buf + size;
@@ -213,7 +209,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
 * Sign the written CSR data into the sig buffer
 * Note: hash errors can happen only after an internal error
 */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (psa_hash_compute(hash_alg, c, len,
@@ -222,12 +217,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
 &hash_len) != PSA_SUCCESS) {
 return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
 }
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
- if (ret != 0) {
- return ret;
- }
-#endif
 if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0, sig, sig_size, &sig_len, f_rng, p_rng)) != 0) {