Removes mode param from mbedtls_rsa_rsassa_pss_verify

Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify
function and propagates the change
throughout the process.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>

include/mbedtls/rsa.h

@@ -1044,18 +1044,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
  *                 same. If \p hash_id in the RSA context is unset,
  *                 the \p md_alg from the function call is used.
  *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
  * \param ctx      The initialized RSA public key context to use.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
  * \param md_alg   The message-digest algorithm used to hash the original data.
  *                 Use #MBEDTLS_MD_NONE for signing raw data.
  * \param hashlen  The length of the message digest.
@@ -1073,7 +1062,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           int mode,
                            mbedtls_md_type_t md_alg,
                            unsigned int hashlen,
                            const unsigned char *hash,

library/psa_crypto_rsa.c

@@ -502,7 +502,6 @@ static psa_status_t rsa_verify_hash(
     {
         mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
         ret = mbedtls_rsa_rsassa_pss_verify( rsa,
-                                             MBEDTLS_RSA_PUBLIC,
                                              MBEDTLS_MD_NONE,
                                              (unsigned int) hash_length,
                                              hash,

library/rsa.c

@@ -2297,7 +2297,6 @@ exit:
  * Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
  */
 int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           int mode,
                            mbedtls_md_type_t md_alg,
                            unsigned int hashlen,
                            const unsigned char *hash,
@@ -2305,8 +2304,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 {
     mbedtls_md_type_t mgf1_hash_id;
     RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
     RSA_VALIDATE_RET( sig != NULL );
     RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
                         hashlen == 0 ) ||
@@ -2316,10 +2313,12 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
                              ? (mbedtls_md_type_t) ctx->hash_id
                              : md_alg;
 
-    return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, mode,
-                                       md_alg, hashlen, hash,
-                                       mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
-                                       sig ) );
+    return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL,
+                                               MBEDTLS_RSA_PUBLIC,
+                                               md_alg, hashlen, hash,
+                                               mgf1_hash_id,
+                                               MBEDTLS_RSA_SALT_LEN_ANY,
+                                               sig ) );
 
 }
 #endif /* MBEDTLS_PKCS1_V21 */
@@ -2423,8 +2422,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 
 #if defined(MBEDTLS_PKCS1_V21)
         case MBEDTLS_RSA_PKCS_V21:
-            return mbedtls_rsa_rsassa_pss_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg,
-                                          hashlen, hash, sig );
+            return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
+                                                  hashlen, hash, sig );
 #endif
 
         default:

tests/suites/test_suite_rsa.function

@@ -316,22 +316,18 @@ void rsa_invalid_param( )
 
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pss_verify( NULL,
-                                                           MBEDTLS_RSA_PUBLIC,
                                                            0, sizeof( buf ),
                                                            buf, buf ) );
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pss_verify( &ctx,
-                                                           MBEDTLS_RSA_PUBLIC,
                                                            0, sizeof( buf ),
                                                            NULL, buf ) );
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pss_verify( &ctx,
-                                                           MBEDTLS_RSA_PUBLIC,
                                                            0, sizeof( buf ),
                                                            buf, NULL ) );
     TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                             mbedtls_rsa_rsassa_pss_verify( &ctx,
-                                                           MBEDTLS_RSA_PUBLIC,
                                                            MBEDTLS_MD_SHA1,
                                                            0, NULL,
                                                            buf ) );