From e3013da240d7dbea86c765af236b34a803894586 Mon Sep 17 00:00:00 2001
From: Thomas Daubney <thomas.daubney@arm.com>
Date: Thu, 18 Jul 2024 12:26:26 +0100
Subject: [PATCH] Remove MBEDTLS_ECDSA_VERIFY_ALT

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
---
 include/mbedtls/check_config.h                    |  1 -
 include/mbedtls/mbedtls_config.h                  |  1 -
 .../drivers/builtin/include/mbedtls/ecdsa.h       |  3 ---
 tf-psa-crypto/drivers/builtin/src/ecdsa.c         | 15 ++-------------
 4 files changed, 2 insertions(+), 18 deletions(-)

diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index a26076102c..f8197e44e2 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -186,7 +186,6 @@
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)           && \
     ( defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
-      defined(MBEDTLS_ECDSA_VERIFY_ALT)        || \
       defined(MBEDTLS_ECDSA_GENKEY_ALT) )
 #error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative ECP implementation"
 #endif
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index a675f317fa..dd047e98d6 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -350,7 +350,6 @@
  */
 //#define MBEDTLS_TIMING_ALT
 
-//#define MBEDTLS_ECDSA_VERIFY_ALT
 //#define MBEDTLS_ECDSA_SIGN_ALT
 //#define MBEDTLS_ECDSA_GENKEY_ALT
 
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
index 2ecf349115..557f02b462 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/ecdsa.h
@@ -375,7 +375,6 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
                          const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
                          const mbedtls_mpi *s);
 
-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
 /**
  * \brief           This function verifies the ECDSA signature of a
  *                  previously-hashed message, in a restartable manner
@@ -418,8 +417,6 @@ int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp,
                                      const mbedtls_mpi *s,
                                      mbedtls_ecdsa_restart_ctx *rs_ctx);
 
-#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
-
 /**
  * \brief           This function computes the ECDSA signature and writes it
  *                  to a buffer, serialized as defined in <em>RFC-4492:
diff --git a/tf-psa-crypto/drivers/builtin/src/ecdsa.c b/tf-psa-crypto/drivers/builtin/src/ecdsa.c
index 2f7a996a7e..da4c9e8dad 100644
--- a/tf-psa-crypto/drivers/builtin/src/ecdsa.c
+++ b/tf-psa-crypto/drivers/builtin/src/ecdsa.c
@@ -194,8 +194,7 @@ static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) || \
-    !defined(MBEDTLS_ECDSA_SIGN_ALT)     || \
-    !defined(MBEDTLS_ECDSA_VERIFY_ALT)
+    !defined(MBEDTLS_ECDSA_SIGN_ALT)
 /*
  * Derive a suitable integer for group grp from a buffer of length len
  * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3
@@ -220,7 +219,7 @@ static int derive_mpi(const mbedtls_ecp_group *grp, mbedtls_mpi *x,
 cleanup:
     return ret;
 }
-#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
+#endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT */
 
 int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
 {
@@ -480,7 +479,6 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r,
 }
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
-#if !defined(MBEDTLS_ECDSA_VERIFY_ALT)
 /*
  * Verify ECDSA signature of hashed message (SEC1 4.1.4)
  * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message)
@@ -601,7 +599,6 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
 {
     return mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
 }
-#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
 
 /*
  * Convert a signature (given by context) to ASN.1
@@ -741,19 +738,11 @@ int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
         ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
-#if defined(MBEDTLS_ECDSA_VERIFY_ALT)
-    (void) rs_ctx;
 
-    if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
-                                    &ctx->Q, &r, &s)) != 0) {
-        goto cleanup;
-    }
-#else
     if ((ret = mbedtls_ecdsa_verify_restartable(&ctx->grp, hash, hlen,
                                                 &ctx->Q, &r, &s, rs_ctx)) != 0) {
         goto cleanup;
     }
-#endif /* MBEDTLS_ECDSA_VERIFY_ALT */
 
     /* At this point we know that the buffer starts with a valid signature.
      * Return 0 if the buffer just contains the signature, and a specific