Rm dead !USE_PSA code: ssl_tls13_xxx (part 1)
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 5128a41..17f98ca 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -925,23 +925,17 @@
mbedtls_ssl_key_set const *traffic_keys,
mbedtls_ssl_context *ssl /* DEBUG ONLY */)
{
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- int ret;
- mbedtls_cipher_info_t const *cipher_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
unsigned char const *key_enc;
unsigned char const *iv_enc;
unsigned char const *key_dec;
unsigned char const *iv_dec;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_type_t key_type;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_algorithm_t alg;
size_t key_bits;
psa_status_t status = PSA_SUCCESS;
-#endif
#if !defined(MBEDTLS_DEBUG_C)
ssl = NULL; /* make sure we don't use it except for those cases */
@@ -955,29 +949,6 @@
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
}
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- cipher_info = mbedtls_cipher_info_from_type(ciphersuite_info->cipher);
- if (cipher_info == NULL) {
- MBEDTLS_SSL_DEBUG_MSG(1, ("cipher info for %u not found",
- ciphersuite_info->cipher));
- return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
- }
-
- /*
- * Setup cipher contexts in target transform
- */
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_enc,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- return ret;
- }
-
- if ((ret = mbedtls_cipher_setup(&transform->cipher_ctx_dec,
- cipher_info)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setup", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_SRV_C)
if (endpoint == MBEDTLS_SSL_IS_SERVER) {
@@ -1003,21 +974,6 @@
memcpy(transform->iv_enc, iv_enc, traffic_keys->iv_len);
memcpy(transform->iv_dec, iv_dec, traffic_keys->iv_len);
-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_enc,
- key_enc, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_ENCRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- return ret;
- }
-
- if ((ret = mbedtls_cipher_setkey(&transform->cipher_ctx_dec,
- key_dec, (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
- MBEDTLS_DECRYPT)) != 0) {
- MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_cipher_setkey", ret);
- return ret;
- }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Setup other fields in SSL transform
@@ -1041,7 +997,6 @@
transform->minlen =
transform->taglen + MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
/*
* Setup psa keys and alg
*/
@@ -1082,7 +1037,6 @@
return PSA_TO_MBEDTLS_ERR(status);
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
return 0;
}
@@ -1839,7 +1793,6 @@
unsigned char **psk,
size_t *psk_len)
{
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
@@ -1869,14 +1822,6 @@
return PSA_TO_MBEDTLS_ERR(status);
}
return 0;
-#else
- *psk = ssl->handshake->psk;
- *psk_len = ssl->handshake->psk_len;
- if (*psk == NULL) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
- return 0;
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
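Review bot: With the `#else` branch removed, this function has a single ownership contract for `*psk`, but nothing in the visible lines documents it. The deleted branch handed back a borrowed pointer (`*psk = ssl->handshake->psk;`), whereas the remaining path appears to return a buffer the caller must release, since ssl_tls13_server.c frees it after use. I would add a header comment such as `/* On success, *psk is a heap copy of the key; the caller must wipe and free it. */`. The signature starts outside the hunk, so the comment belongs above it, and the allocation itself is not visible here and should be confirmed.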
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index ab27c94..7273eb9 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -435,9 +435,7 @@
psk, psk_len, psk_type,
transcript,
server_computed_binder);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_free((void *) psk);
-#endif
if (ret != 0) {
MBEDTLS_SSL_DEBUG_MSG(1, ("PSK binder calculation failed."));
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
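Review bot: `mbedtls_free((void *) psk);` is now the only release path for this buffer, and it returns what looks like exported PSK material to the heap without wiping it. The guard being removed suggests that `psk` is a fresh copy of the key rather than a borrowed pointer, so the bytes should be cleared before release, for example `mbedtls_zeroize_and_free((void *) psk, psk_len);`. The enclosing function starts and ends outside the hunk, so check that `psk_len` still holds the length of that allocation at this point.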
@@ -739,11 +737,7 @@
*olen = 0;
int not_using_psk = 0;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
not_using_psk = (mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque));
-#else
- not_using_psk = (ssl->handshake->psk == NULL);
-#endif
if (not_using_psk) {
/* We shouldn't have called this extension writer unless we've
* chosen to use a PSK. */
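Review bot: Now that the `#else` branch is gone, `not_using_psk` is initialised to 0 and then unconditionally overwritten on the next line. The two statements can be folded into `int not_using_psk = mbedtls_svc_key_id_is_null(ssl->handshake->psk_opaque);`, which also makes it obvious that the opaque key id is the only indicator of PSK use in this writer. The function continues outside the hunk.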
@@ -1078,7 +1072,6 @@
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
static psa_algorithm_t ssl_tls13_iana_sig_alg_to_psa_alg(uint16_t sig_alg)
{
switch (sig_alg) {
@@ -1104,7 +1097,6 @@
return PSA_ALG_NONE;
}
}
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
/*
* Pick best ( private key, certificate chain ) pair based on the signature
@@ -1139,9 +1131,7 @@
for (key_cert = key_cert_list; key_cert != NULL;
key_cert = key_cert->next) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_algorithm_t psa_alg = PSA_ALG_NONE;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
MBEDTLS_SSL_DEBUG_CRT(3, "certificate (chain) candidate",
key_cert->cert);
@@ -1165,17 +1155,13 @@
"check signature algorithm %s [%04x]",
mbedtls_ssl_sig_alg_to_str(*sig_alg),
*sig_alg));
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_alg = ssl_tls13_iana_sig_alg_to_psa_alg(*sig_alg);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
if (mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
*sig_alg, &key_cert->cert->pk)
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
&& psa_alg != PSA_ALG_NONE &&
mbedtls_pk_can_do_ext(&key_cert->cert->pk, psa_alg,
PSA_KEY_USAGE_SIGN_HASH) == 1
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
) {
ssl->handshake->key_cert = key_cert;
MBEDTLS_SSL_DEBUG_MSG(3,