Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index a54ac4d..9433215 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -571,12 +571,7 @@
* operation.
*
* It is the generic wrapper for performing a PKCS#1 encryption
- * operation using the \p mode from the context.
- *
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
+ * operation.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
@@ -584,16 +579,10 @@
*
* \param ctx The initialized RSA context to use.
* \param f_rng The RNG to use. It is mandatory for PKCS#1 v2.1 padding
- * encoding, and for PKCS#1 v1.5 padding encoding when used
- * with \p mode set to #MBEDTLS_RSA_PUBLIC. For PKCS#1 v1.5
- * padding encoding and \p mode set to #MBEDTLS_RSA_PRIVATE,
- * it is used for blinding and should be provided in this
- * case; see mbedtls_rsa_private() for more.
+ * encoding, and for PKCS#1 v1.5 padding encoding.
* \param p_rng The RNG context to be passed to \p f_rng. May be
* \c NULL if \p f_rng is \c NULL or if \p f_rng doesn't
* need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if
@@ -608,7 +597,7 @@
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output );
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 8e4f251..e1ad507 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -149,7 +149,7 @@
if( *olen > osize )
return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
- return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC,
+ return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng,
ilen, input, output ) );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 64ead5b..c4354d7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3064,7 +3064,6 @@
mbedtls_rsa_pkcs1_encrypt( rsa,
mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE,
- MBEDTLS_RSA_PUBLIC,
input_length,
input,
output ) );
diff --git a/library/rsa.c b/library/rsa.c
index 6761fbd..5ecc778 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1317,13 +1317,11 @@
int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output )
{
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
@@ -1331,14 +1329,16 @@
{
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
- return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng, mode, ilen,
- input, output );
+ return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng,
+ MBEDTLS_RSA_PUBLIC, ilen,
+ input, output );
#endif
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng, mode, NULL, 0,
- ilen, input, output );
+ return mbedtls_rsa_rsaes_oaep_encrypt( ctx, f_rng, p_rng,
+ MBEDTLS_RSA_PUBLIC, NULL, 0,
+ ilen, input, output );
#endif
default:
@@ -2691,7 +2691,7 @@
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
- if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC,
+ if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL,
PT_LEN, rsa_plaintext,
rsa_ciphertext ) != 0 )
{
diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
index ba01201..6c654ad 100644
--- a/programs/pkey/rsa_encrypt.c
+++ b/programs/pkey/rsa_encrypt.c
@@ -143,8 +143,7 @@
fflush( stdout );
ret = mbedtls_rsa_pkcs1_encrypt( &rsa, mbedtls_ctr_drbg_random,
- &ctr_drbg, MBEDTLS_RSA_PUBLIC,
- strlen( argv[1] ), input, buf );
+ &ctr_drbg, strlen( argv[1] ), input, buf );
if( ret != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index b03bdda..878c414 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -36,8 +36,8 @@
message_str->x = NULL;
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ &info, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 2e7f339..623f7bc 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -35,8 +35,8 @@
message_str->x = NULL;
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_buffer_rand,
- &info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ &info, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
{
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 1eca314..c051ed3 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -103,17 +103,14 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL,
- MBEDTLS_RSA_PUBLIC,
sizeof( buf ), buf,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- MBEDTLS_RSA_PUBLIC,
sizeof( buf ), NULL,
buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL,
- MBEDTLS_RSA_PUBLIC,
sizeof( buf ), buf,
NULL ) );
@@ -703,8 +700,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
&mbedtls_test_rnd_pseudo_rand,
- &rnd_info, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ &rnd_info, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
{
@@ -743,8 +740,8 @@
TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
- NULL, MBEDTLS_RSA_PUBLIC,
- message_str->len, message_str->x,
+ NULL, message_str->len,
+ message_str->x,
output ) == result );
if( result == 0 )
{