Rm dead !USE_PSA code: X.509

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/x509*.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-05-09 00:21:18 +08:00 · 2025-01-22 11:49:25 +01:00 · 2025-01-22 11:49:25 +01:00 · f60b09b019
commit f60b09b019
parent 189dcf630f
4 changed files with 0 additions and 65 deletions
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -32,11 +32,9 @@
 #include "mbedtls/pem.h"
 #endif

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #include "pk_internal.h"

 #include "mbedtls/platform.h"
@ -2013,11 +2011,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
 {
    int flags = 0;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_algorithm_t psa_algorithm;
-#else
-    const mbedtls_md_info_t *md_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
    size_t hash_length;

    if (ca == NULL) {
@ -2051,7 +2045,6 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
            flags |= MBEDTLS_X509_BADCRL_BAD_PK;
        }

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
        psa_algorithm = mbedtls_md_psa_alg_from_type(crl_list->sig_md);
        if (psa_hash_compute(psa_algorithm,
                             crl_list->tbs.p,
@ -2063,18 +2056,6 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
            break;
        }
-#else
-        md_info = mbedtls_md_info_from_type(crl_list->sig_md);
-        hash_length = mbedtls_md_get_size(md_info);
-        if (mbedtls_md(md_info,
-                       crl_list->tbs.p,
-                       crl_list->tbs.len,
-                       hash) != 0) {
-            /* Note: this can't happen except after an internal error */
-            flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
-            break;
-        }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

        if (x509_profile_check_key(profile, &ca->pk) != 0) {
            flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
@ -2126,16 +2107,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
 {
    size_t hash_len;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-    const mbedtls_md_info_t *md_info;
-    md_info = mbedtls_md_info_from_type(child->sig_md);
-    hash_len = mbedtls_md_get_size(md_info);
-
-    /* Note: hash errors can happen only after an internal error */
-    if (mbedtls_md(md_info, child->tbs.p, child->tbs.len, hash) != 0) {
-        return -1;
-    }
-#else
    psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(child->sig_md);
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;

@ -2149,7 +2120,6 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
    }

-#endif /* MBEDTLS_USE_PSA_CRYPTO */
    /* Skip expensive computation on obvious mismatch */
    if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) {
        return -1;
--- a/library/x509write.c
+++ b/library/x509write.c
@ -22,11 +22,9 @@
 #include "mbedtls/pem.h"
 #endif /* MBEDTLS_PEM_WRITE_C */

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
 #include "md_psa.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 #define CHECK_OVERFLOW_ADD(a, b) \
    do                         \
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@ -30,11 +30,9 @@
 #include "mbedtls/pem.h"
 #endif /* MBEDTLS_PEM_WRITE_C */

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx)
 {
@ -179,10 +177,8 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
    unsigned char *c = buf + sizeof(buf);
    size_t len = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    size_t hash_length;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    memset(buf, 0, sizeof(buf));
    MBEDTLS_ASN1_CHK_ADD(len,
@ -193,7 +189,6 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
                                                 ctx->subject_key));


-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    status = psa_hash_compute(PSA_ALG_SHA_1,
                              buf + sizeof(buf) - len,
                              len,
@ -203,14 +198,6 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx,
    if (status != PSA_SUCCESS) {
        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
    }
-#else
-    ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1),
-                     buf + sizeof(buf) - len, len,
-                     buf + sizeof(buf) - 20);
-    if (ret != 0) {
-        return ret;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    c = buf + sizeof(buf) - 20;
    len = 20;
@ -403,10 +390,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
    size_t hash_length = 0;
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_algorithm_t psa_algorithm;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
    size_t len = 0;
@ -572,7 +557,6 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
     */

    /* Compute hash of CRT. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_algorithm = mbedtls_md_psa_alg_from_type(ctx->md_alg);

    status = psa_hash_compute(psa_algorithm,
@ -584,12 +568,6 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
    if (status != PSA_SUCCESS) {
        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
    }
-#else
-    if ((ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c,
-                          len, hash)) != 0) {
-        return ret;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */


    if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@ -20,11 +20,9 @@
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 #include <string.h>
 #include <stdlib.h>
@ -145,10 +143,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
    size_t pub_len = 0, sig_and_oid_len = 0, sig_len;
    size_t len = 0;
    mbedtls_pk_type_t pk_alg;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    size_t hash_len;
    psa_algorithm_t hash_alg = mbedtls_md_psa_alg_from_type(ctx->md_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    /* Write the CSR backwards starting from the end of buf */
    c = buf + size;
@ -213,7 +209,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
     * Sign the written CSR data into the sig buffer
     * Note: hash errors can happen only after an internal error
     */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    if (psa_hash_compute(hash_alg,
                         c,
                         len,
@ -222,12 +217,6 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
                         &hash_len) != PSA_SUCCESS) {
        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
    }
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-    ret = mbedtls_md(mbedtls_md_info_from_type(ctx->md_alg), c, len, hash);
-    if (ret != 0) {
-        return ret;
-    }
-#endif
    if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
                               sig, sig_size, &sig_len,
                               f_rng, p_rng)) != 0) {