From 4864424fea8df6d16fd02addd9c623f01341a424 Mon Sep 17 00:00:00 2001
From: Thomas Daubney <thomas.daubney@arm.com>
Date: Thu, 18 Jul 2024 12:36:49 +0100
Subject: [PATCH] Remove MBEDTLS_ECDSA_SIGN_ALT

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
---
 include/mbedtls/check_config.h                |  4 +---
 include/mbedtls/mbedtls_config.h              |  1 -
 .../drivers/builtin/include/mbedtls/ecdsa.h   |  3 ---
 tf-psa-crypto/drivers/builtin/src/ecdsa.c     | 19 -------------------
 4 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index f8197e44e2..561432e26d 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -184,9 +184,7 @@
 #error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ( defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
-      defined(MBEDTLS_ECDSA_GENKEY_ALT) )
+#if defined(MBEDTLS_ECP_RESTARTABLE) && defined(MBEDTLS_ECDSA_GENKEY_ALT)
 #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
 #endif
 
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index dd047e98d6..b2441113bc 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -350,7 +350,6 @@
  */
 //#define MBEDTLS_TIMING_ALT
 
-//#define MBEDTLS_ECDSA_SIGN_ALT
 //#define MBEDTLS_ECDSA_GENKEY_ALT
 
 /**
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
index 557f02b462..fcb46e2a43 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
@@ -211,7 +211,6 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
                                void *p_rng_blind);
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
-#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /**
  * \brief               This function computes the ECDSA signature of a
  *                      previously-hashed message, in a restartable way.
@@ -277,8 +276,6 @@ int mbedtls_ecdsa_sign_restartable(
     void *p_rng_blind,
     mbedtls_ecdsa_restart_ctx *rs_ctx);
 
-#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
-
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 
 /**
diff --git a/tf-psa-crypto/drivers/builtin/src/ecdsa.c b/tf-psa-crypto/drivers/builtin/src/ecdsa.c
index da4c9e8dad..f4e14a3f1a 100644
--- a/tf-psa-crypto/drivers/builtin/src/ecdsa.c
+++ b/tf-psa-crypto/drivers/builtin/src/ecdsa.c
@@ -193,8 +193,6 @@ static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
 
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC) || \
-    !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Derive a suitable integer for group grp from a buffer of length len
  * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@@ -219,7 +217,6 @@ static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x,
 cleanup:
     return ret;
 }
-#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT */
 
 int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
 {
@@ -234,7 +231,6 @@ int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
     }
 }
 
-#if !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Compute ECDSA signature of a hashed message (SEC1 4.1.3)
  * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message)
@@ -384,7 +380,6 @@ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
     return mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen,
                                           f_rng, p_rng, f_rng, p_rng, NULL);
 }
-#endif /* !MBEDTLS_ECDSA_SIGN_ALT */
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 /*
@@ -443,16 +438,9 @@ int mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp,
 
 sign:
 #endif
-#if defined(MBEDTLS_ECDSA_SIGN_ALT)
-    (void) f_rng_blind;
-    (void) p_rng_blind;
-    ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen,
-                             mbedtls_hmac_drbg_random, p_rng);
-#else
     ret = mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen,
                                          mbedtls_hmac_drbg_random, p_rng,
                                          f_rng_blind, p_rng_blind, rs_ctx);
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
 
 cleanup:
     mbedtls_hmac_drbg_free(&rng_ctx);
@@ -657,17 +645,10 @@ int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx,
 #else
     (void) md_alg;
 
-#if defined(MBEDTLS_ECDSA_SIGN_ALT)
-    (void) rs_ctx;
-
-    MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign(&ctx->grp, &r, &s, &ctx->d,
-                                       hash, hlen, f_rng, p_rng));
-#else
     /* Use the same RNG for both blinding and ephemeral key generation */
     MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d,
                                                    hash, hlen, f_rng, p_rng, f_rng,
                                                    p_rng, rs_ctx));
-#endif /* MBEDTLS_ECDSA_SIGN_ALT */
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
     MBEDTLS_MPI_CHK(ecdsa_signature_to_asn1(&r, &s, sig, sig_size, slen));