From e09aeb4923f17449be7b8cda9a998e5c31ba273c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 4 Dec 2020 00:31:09 +0100 Subject: [PATCH] Remove redundant NIST_KW checks in cipher_auth_xxcrypt() The internal functions mbedtls_cipher_aead_{encrypt,decrypt} reject unsupported algorithms, so there's no need for an additional check in the legacy wrappers. Signed-off-by: Gilles Peskine --- library/cipher.c | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index cf45446f79..5031092533 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1488,17 +1488,6 @@ int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); -#if defined(MBEDTLS_NIST_KW_C) - if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || - MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) - { - /* NIST_KW is not supported because we used to document the wrong size - * of the output buffer, so people should move to the _ext API, - * which has an explicit argument for buffer size. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - } -#endif /* MBEDTLS_NIST_KW_C */ - return( mbedtls_cipher_aead_encrypt( ctx, iv, iv_len, ad, ad_len, input, ilen, output, olen, tag, tag_len ) ); @@ -1522,17 +1511,6 @@ int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx, CIPHER_VALIDATE_RET( olen != NULL ); CIPHER_VALIDATE_RET( tag_len == 0 || tag != NULL ); -#if defined(MBEDTLS_NIST_KW_C) - if( MBEDTLS_MODE_KW == ctx->cipher_info->mode || - MBEDTLS_MODE_KWP == ctx->cipher_info->mode ) - { - /* NIST_KW is not supported because we used to document the wrong size - * of the output buffer, so people should move to the _ext API, - * which has an explicit argument for buffer size. */ - return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); - } -#endif /* MBEDTLS_NIST_KW_C */ - return( mbedtls_cipher_aead_decrypt( ctx, iv, iv_len, ad, ad_len, input, ilen, output, olen, tag, tag_len ) );