Remove MBEDTLS_RSA_ALT
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 2e98c3a..2d1c9c1 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -390,7 +390,6 @@
//#define MBEDTLS_MD5_ALT
//#define MBEDTLS_POLY1305_ALT
//#define MBEDTLS_RIPEMD160_ALT
-//#define MBEDTLS_RSA_ALT
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
diff --git a/library/constant_time.c b/library/constant_time.c
index d212ddf..95b8122 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -146,7 +146,7 @@
#endif
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
void mbedtls_ct_memmove_left(void *start, size_t total, size_t offset)
{
@@ -165,7 +165,7 @@
}
}
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition,
unsigned char *dest,
@@ -227,7 +227,7 @@
}
}
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
void mbedtls_ct_zeroize_if(mbedtls_ct_condition_t condition, void *buf, size_t len)
{
@@ -245,4 +245,4 @@
}
}
-#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */
+#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) */
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index 61a5c6d..26f6606 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -433,7 +433,7 @@
* Block memory operations
*/
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
/** Conditionally set a block of memory to zero.
*
@@ -466,7 +466,7 @@
size_t total,
size_t offset);
-#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT) */
+#endif /* defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) */
/** Conditional memcpy.
*
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 19196b5..8710889 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -470,11 +470,6 @@
static void rsa_debug(mbedtls_pk_context *pk, mbedtls_pk_debug_item *items)
{
-#if defined(MBEDTLS_RSA_ALT)
- /* Not supported */
- (void) pk;
- (void) items;
-#else
mbedtls_rsa_context *rsa = (mbedtls_rsa_context *) pk->pk_ctx;
items->type = MBEDTLS_PK_DEBUG_MPI;
@@ -486,7 +481,6 @@
items->type = MBEDTLS_PK_DEBUG_MPI;
items->name = "rsa.E";
items->value = &(rsa->E);
-#endif
}
const mbedtls_pk_info_t mbedtls_rsa_info = {
diff --git a/library/rsa.c b/library/rsa.c
index 7eb4a25..8a4c3d0 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -155,7 +155,7 @@
goto cleanup;
}
-#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
+#if !defined(MBEDTLS_RSA_NO_CRT)
/*
* The RSA CRT parameters DP, DQ and QP are nominally redundant, in
* that they can be easily recomputed from D, P and Q. However by
@@ -411,7 +411,7 @@
return (int) len;
}
-#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
+#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C)
/** This function performs the unpadding part of a PKCS#1 v1.5 decryption
* operation (EME-PKCS1-v1_5 decoding).
@@ -564,9 +564,7 @@
return ret;
}
-#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-
-#if !defined(MBEDTLS_RSA_ALT)
+#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C */
int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
const mbedtls_mpi *N,
@@ -2841,8 +2839,6 @@
#endif
}
-#endif /* !MBEDTLS_RSA_ALT */
-
#if defined(MBEDTLS_SELF_TEST)
diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h
deleted file mode 100644
index eabc26d..0000000
--- a/tests/include/alt-dummy/rsa_alt.h
+++ /dev/null
@@ -1,16 +0,0 @@
-/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef RSA_ALT_H
-#define RSA_ALT_H
-
-typedef struct mbedtls_rsa_context {
- int dummy;
-}
-mbedtls_rsa_context;
-
-
-#endif /* rsa_alt.h */
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
index 3127365..ba84397 100644
--- a/tests/suites/test_suite_constant_time.function
+++ b/tests/suites/test_suite_constant_time.function
@@ -171,7 +171,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */
+/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
void mbedtls_ct_zeroize_if(char *c_str, int len)
{
uint8_t *buf = NULL;
@@ -431,7 +431,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:!MBEDTLS_RSA_ALT */
+/* BEGIN_CASE depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C */
void mbedtls_ct_memmove_left(int len, int offset)
{
size_t l = (size_t) len;
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 7113274..ed9f4f4 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -235,7 +235,6 @@
size_t i;
size_t count = 0;
-#if !defined(MBEDTLS_RSA_ALT)
/* Check that the output in invalid cases is what the default
* implementation currently does. Alternative implementations
* may produce different output, so we only perform these precise
@@ -244,7 +243,7 @@
for (i = 0; i < max_payload_length; i++) {
TEST_ASSERT(final[i] == 0);
}
-#endif
+
/* Even in alternative implementations, the outputs must have
* changed, otherwise it indicates at least a timing vulnerability
* because no write to the outputs is performed in the bad case. */
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
index c1e76b3..cc839f2 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/rsa.h
@@ -69,10 +69,6 @@
extern "C" {
#endif
-#if !defined(MBEDTLS_RSA_ALT)
-// Regular implementation
-//
-
#if !defined(MBEDTLS_RSA_GEN_KEY_MIN_BITS)
#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024
#elif MBEDTLS_RSA_GEN_KEY_MIN_BITS < 128
@@ -122,10 +118,6 @@
}
mbedtls_rsa_context;
-#else /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
-#endif /* MBEDTLS_RSA_ALT */
-
/**
* \brief This function initializes an RSA context.
*