Remove redundant NIST_KW checks in cipher_auth_xxcrypt()
The internal functions mbedtls_cipher_aead_{encrypt,decrypt} reject
unsupported algorithms, so there's no need for an additional check in
the legacy wrappers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/cipher.c b/library/cipher.c
index cf45446..5031092 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1488,17 +1488,6 @@
CIPHER_VALIDATE_RET( olen != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
-#if defined(MBEDTLS_NIST_KW_C)
- if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
- MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
- {
- /* NIST_KW is not supported because we used to document the wrong size
- * of the output buffer, so people should move to the _ext API,
- * which has an explicit argument for buffer size. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
- }
-#endif /* MBEDTLS_NIST_KW_C */
-
return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len,
input, ilen, output, olen,
tag, tag_len ) );
@@ -1522,17 +1511,6 @@
CIPHER_VALIDATE_RET( olen != NULL );
CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL );
-#if defined(MBEDTLS_NIST_KW_C)
- if( MBEDTLS_MODE_KW == ctx->cipher_info->mode ||
- MBEDTLS_MODE_KWP == ctx->cipher_info->mode )
- {
- /* NIST_KW is not supported because we used to document the wrong size
- * of the output buffer, so people should move to the _ext API,
- * which has an explicit argument for buffer size. */
- return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
- }
-#endif /* MBEDTLS_NIST_KW_C */
-
return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len,
input, ilen, output, olen,
tag, tag_len ) );