Removes mode param from mbedtls_rsa_pkcs1_sign
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index c250525..96548bd 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -790,7 +790,7 @@
* a message digest using PKCS#1.
*
* It is the generic wrapper for performing a PKCS#1
- * signature using the \p mode from the context.
+ * signature.
*
* \note The \p sig buffer must be as large as the size
* of \p ctx->N. For example, 128 Bytes if RSA-1024 is used.
@@ -799,25 +799,13 @@
* mbedtls_rsa_rsassa_pss_sign() for details on
* \p md_alg and \p hash_id.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA context to use.
* \param f_rng The RNG function to use. If the padding mode is PKCS#1 v2.1,
- * this must be provided. If the padding mode is PKCS#1 v1.5 and
- * \p mode is #MBEDTLS_RSA_PRIVATE, it is used for blinding
- * and should be provided; see mbedtls_rsa_private() for more
- * more. It is ignored otherwise.
+ * this must be provided. If the padding mode is PKCS#1 v1.5
+ * it is used for blinding and should be provided;
+ * see mbedtls_rsa_private() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL
* if \p f_rng is \c NULL or doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -838,7 +826,6 @@
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index ec07c60..9f4c187 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -120,8 +120,9 @@
*sig_len = mbedtls_rsa_get_len( rsa );
- return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
- md_alg, (unsigned int) hash_len, hash, sig ) );
+ return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng,
+ md_alg, (unsigned int) hash_len,
+ hash, sig ) );
}
static int rsa_decrypt_wrap( void *ctx,
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 686f07d..192f4a3 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -419,7 +419,6 @@
ret = mbedtls_rsa_pkcs1_sign( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PRIVATE,
md_alg,
(unsigned int) hash_length,
hash,
diff --git a/library/rsa.c b/library/rsa.c
index 86bd71d..22880a2 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -2129,15 +2129,12 @@
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
unsigned char *sig )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
hash != NULL );
@@ -2147,14 +2144,14 @@
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pkcs1_v15_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+ md_alg, hashlen, hash, sig );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
+ md_alg, hashlen, hash, sig );
#endif
default:
@@ -2714,7 +2711,7 @@
}
if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL,
- MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0,
+ MBEDTLS_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index dccf095..63df77e 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -229,7 +229,7 @@
buf[n ] = (unsigned char)( rsa.len >> 8 );
buf[n + 1] = (unsigned char)( rsa.len );
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
0, hash, buf + n + 2 ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned %d\n\n", ret );
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index c9522c8..1cfa0a8 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -146,7 +146,7 @@
goto exit;
}
- if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256,
+ if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_MD_SHA256,
20, hash, buf ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n", (unsigned int) -ret );
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 27d73ff..0038a58 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -76,7 +76,7 @@
((void) f_rng);
((void) p_rng);
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx,
- mbedtls_test_rnd_std_rand, NULL, MBEDTLS_RSA_PRIVATE,
+ mbedtls_test_rnd_std_rand, NULL,
md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 878c414..0c2547d 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -293,8 +293,8 @@
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PRIVATE, digest,
- 0, hash_result, output ) == result );
+ &info, digest, 0, hash_result,
+ output ) == result );
if( result == 0 )
{
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 623f7bc..e64f222 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -148,8 +148,8 @@
if (fixed_salt_length == MBEDTLS_RSA_SALT_LEN_ANY)
{
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PRIVATE, digest, 0,
- hash_result, output ) == result );
+ &info, digest, 0,hash_result,
+ output ) == result );
if( result == 0 )
{
ASSERT_COMPARE( output, ctx.len, result_str->x, result_str->len );
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 7c7d8f9..e4f9625 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -205,22 +205,18 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL,
- MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- MBEDTLS_RSA_PRIVATE,
0, sizeof( buf ), buf,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL,
- MBEDTLS_RSA_PRIVATE,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );
@@ -479,8 +475,8 @@
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE, digest,
- 0, hash_result, output ) == result );
+ &rnd_info, digest, 0, hash_result,
+ output ) == result );
if( result == 0 )
{
@@ -560,8 +556,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PRIVATE,
- MBEDTLS_MD_NONE, hash_result->len,
+ &rnd_info, MBEDTLS_MD_NONE,
+ hash_result->len,
hash_result->x, output ) == 0 );
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index a36fa43..44f846f 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -19,8 +19,8 @@
mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
- md_alg, hashlen, hash, sig ) );
+ return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng,
+ md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
{