Removes mode param from mbedtls_rsa_rsaes_pkcs1_v15_encrypt
Removal of mode parameter from
mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit
propagates the change to all relevant function calls
and tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 9433215..47726ec 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -605,25 +605,15 @@
* \brief This function performs a PKCS#1 v1.5 encryption operation
* (RSAES-PKCS1-v1_5-ENCRYPT).
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA context to use.
- * \param f_rng The RNG function to use. It is needed for padding generation
- * if \p mode is #MBEDTLS_RSA_PUBLIC. If \p mode is
- * #MBEDTLS_RSA_PRIVATE (discouraged), it is used for
- * blinding and should be provided; see mbedtls_rsa_private().
+ * \param f_rng The RNG function to use. It is needed for padding generation.
* \param p_rng The RNG context to be passed to \p f_rng. This may
* be \c NULL if \p f_rng is \c NULL or if \p f_rng
* doesn't need a context argument.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param ilen The length of the plaintext in Bytes.
* \param input The input data to encrypt. This must be a readable
* buffer of size \p ilen Bytes. It may be \c NULL if
@@ -638,7 +628,7 @@
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
- int mode, size_t ilen,
+ size_t ilen,
const unsigned char *input,
unsigned char *output );
diff --git a/library/rsa.c b/library/rsa.c
index 5ecc778..6651c88 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1244,8 +1244,7 @@
*/
int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
- void *p_rng,
- int mode, size_t ilen,
+ void *p_rng, size_t ilen,
const unsigned char *input,
unsigned char *output )
{
@@ -1254,14 +1253,9 @@
unsigned char *p = output;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( output != NULL );
RSA_VALIDATE_RET( ilen == 0 || input != NULL );
- if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
olen = ctx->len;
/* first comparison checks for overflow */
@@ -1271,43 +1265,32 @@
nb_pad = olen - 3 - ilen;
*p++ = 0;
- if( mode == MBEDTLS_RSA_PUBLIC )
+
+ if( f_rng == NULL )
+ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+
+ *p++ = MBEDTLS_RSA_CRYPT;
+
+ while( nb_pad-- > 0 )
{
- if( f_rng == NULL )
- return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+ int rng_dl = 100;
- *p++ = MBEDTLS_RSA_CRYPT;
+ do {
+ ret = f_rng( p_rng, p, 1 );
+ } while( *p == 0 && --rng_dl && ret == 0 );
- while( nb_pad-- > 0 )
- {
- int rng_dl = 100;
+ /* Check if RNG failed to generate data */
+ if( rng_dl == 0 || ret != 0 )
+ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
- do {
- ret = f_rng( p_rng, p, 1 );
- } while( *p == 0 && --rng_dl && ret == 0 );
-
- /* Check if RNG failed to generate data */
- if( rng_dl == 0 || ret != 0 )
- return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
-
- p++;
- }
- }
- else
- {
- *p++ = MBEDTLS_RSA_SIGN;
-
- while( nb_pad-- > 0 )
- *p++ = 0xFF;
+ p++;
}
*p++ = 0;
if( ilen != 0 )
memcpy( p, input, ilen );
- return( ( mode == MBEDTLS_RSA_PUBLIC )
- ? mbedtls_rsa_public( ctx, output, output )
- : mbedtls_rsa_private( ctx, f_rng, p_rng, output, output ) );
+ return( mbedtls_rsa_public( ctx, output, output ) );
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -1330,8 +1313,7 @@
#if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsaes_pkcs1_v15_encrypt( ctx, f_rng, p_rng,
- MBEDTLS_RSA_PUBLIC, ilen,
- input, output );
+ ilen, input, output );
#endif
#if defined(MBEDTLS_PKCS1_V21)
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 4a818c5..d3b65b2 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -116,22 +116,16 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL,
- NULL,
- MBEDTLS_RSA_PUBLIC,
- sizeof( buf ), buf,
- buf ) );
+ NULL, sizeof( buf ),
+ buf, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- MBEDTLS_RSA_PUBLIC,
- sizeof( buf ), NULL,
- buf ) );
+ NULL, sizeof( buf ),
+ NULL, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL,
- NULL,
- MBEDTLS_RSA_PUBLIC,
- sizeof( buf ), buf,
- NULL ) );
+ NULL, sizeof( buf ),
+ buf, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL,