mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove mode parameter from mbedtls_rsa_rsaes_oaep_decrypt function

Browse Source 
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.

Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
Thomas Daubney 2021-05-06 11:41:09 +01:00
parent c7feaf349c
commit d21e0b780a
4 changed files with 5 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
include/mbedtls/rsa.h
View File

@ -806,24 +806,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
* ciphertext provided, the function returns * ciphertext provided, the function returns
* #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * #MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE.
* *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* implicitly set to #MBEDTLS_RSA_PRIVATE.
*
* \note Alternative implementations of RSA need not support * \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PUBLIC and might instead * mode being set to #MBEDTLS_RSA_PUBLIC and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
* *
* \param ctx The initialized RSA context to use. * \param ctx The initialized RSA context to use.
* \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, * \param f_rng The RNG function. This is used for blinding and should
* this is used for blinding and should be provided; see * be provided; see mbedtls_rsa_private() for more.
* mbedtls_rsa_private() for more. If \p mode is
* #MBEDTLS_RSA_PUBLIC, it is ignored.
* \param p_rng The RNG context to be passed to \p f_rng. This may be * \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a context. * \c NULL if \p f_rng is \c NULL or doesn't need a context.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
* \param label The buffer holding the custom label to use. * \param label The buffer holding the custom label to use.
* This must be a readable buffer of length \p label_len * This must be a readable buffer of length \p label_len
* Bytes. It may be \c NULL if \p label_len is \c 0. * Bytes. It may be \c NULL if \p label_len is \c 0.
@ -843,7 +834,6 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode,
const unsigned char *label, size_t label_len, const unsigned char *label, size_t label_len,
size_t *olen, size_t *olen,
const unsigned char *input, const unsigned char *input,

1
library/psa_crypto.c
View File

@ -3186,7 +3186,6 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key,
mbedtls_rsa_rsaes_oaep_decrypt( rsa, mbedtls_rsa_rsaes_oaep_decrypt( rsa,
mbedtls_psa_get_random, mbedtls_psa_get_random,
MBEDTLS_PSA_RANDOM_STATE, MBEDTLS_PSA_RANDOM_STATE,
MBEDTLS_RSA_PRIVATE,
salt, salt_length, salt, salt_length,
output_length, output_length,
input, input,

11
library/rsa.c
View File

@ -1353,7 +1353,6 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng, void *p_rng,
int mode,
const unsigned char *label, size_t label_len, const unsigned char *label, size_t label_len,
size_t *olen, size_t *olen,
const unsigned char *input, const unsigned char *input,
@ -1370,8 +1369,6 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
mbedtls_md_context_t md_ctx; mbedtls_md_context_t md_ctx;
RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); RSA_VALIDATE_RET( output_max_len == 0 || output != NULL );
RSA_VALIDATE_RET( label_len == 0 || label != NULL ); RSA_VALIDATE_RET( label_len == 0 || label != NULL );
RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( input != NULL );
@ -1380,7 +1377,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
/* /*
* Parameters sanity checks * Parameters sanity checks
*/ */
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 ) if( ctx->padding != MBEDTLS_RSA_PKCS_V21 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
ilen = ctx->len; ilen = ctx->len;
@ -1401,9 +1398,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
/* /*
* RSA operation * RSA operation
*/ */
ret = ( mode == MBEDTLS_RSA_PUBLIC ) ret = mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
? mbedtls_rsa_public( ctx, input, buf )
: mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 ) if( ret != 0 )
goto cleanup; goto cleanup;
@ -1783,7 +1778,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
#if defined(MBEDTLS_PKCS1_V21) #if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21: case MBEDTLS_RSA_PKCS_V21:
return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, NULL, 0, return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, NULL, 0,
olen, input, output, olen, input, output,
output_max_len ); output_max_len );
#endif #endif

10
tests/suites/test_suite_rsa.function
View File

@ -223,31 +223,21 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL,
valid_mode,
buf, sizeof( buf ), buf, sizeof( buf ),
&olen, &olen,
buf, buf, 42 ) ); buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
invalid_mode,
buf, sizeof( buf ),
&olen,
buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
valid_mode,
NULL, sizeof( buf ), NULL, sizeof( buf ),
NULL, NULL,
buf, buf, 42 ) ); buf, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
valid_mode,
buf, sizeof( buf ), buf, sizeof( buf ),
&olen, &olen,
NULL, buf, 42 ) ); NULL, buf, 42 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL,
valid_mode,
buf, sizeof( buf ), buf, sizeof( buf ),
&olen, &olen,
buf, NULL, 42 ) ); buf, NULL, 42 ) );