diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 38784fc5a..93dd7255e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -705,7 +705,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * message padding. * * It is the generic wrapper for performing a PKCS#1 decryption - * operation using the \p mode from the context. + * operation. * * \note The output buffer length \c output_max_len should be * as large as the size \p ctx->len of \p ctx->N (for example, @@ -714,24 +714,16 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * hold the decryption of the particular ciphertext provided, * the function returns \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. * * \note Alternative implementations of RSA need not support * mode being set to #MBEDTLS_RSA_PUBLIC and might instead * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. * * \param ctx The initialized RSA context to use. - * \param f_rng The RNG function. If \p mode is #MBEDTLS_RSA_PRIVATE, - * this is used for blinding and should be provided; see - * mbedtls_rsa_private() for more. If \p mode is - * #MBEDTLS_RSA_PUBLIC, it is ignored. + * \param f_rng The RNG function. This is used for blinding and should + * be provided; see mbedtls_rsa_private() for more. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a context. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param olen The address at which to store the length of * the plaintext. This must not be \c NULL. * \param input The ciphertext buffer. This must be a readable buffer @@ -747,7 +739,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 3663fb848..8e4f25123 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -135,7 +135,7 @@ static int rsa_decrypt_wrap( void *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, - MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); + olen, input, output, osize ) ); } static int rsa_encrypt_wrap( void *ctx, diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c15321790..8f0b62c26 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3171,7 +3171,6 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, mbedtls_rsa_pkcs1_decrypt( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, output_length, input, output, diff --git a/library/rsa.c b/library/rsa.c index 209273e09..502fe8654 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1763,14 +1763,12 @@ cleanup: int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, size_t *olen, + size_t *olen, const unsigned char *input, unsigned char *output, size_t output_max_len) { RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( output_max_len == 0 || output != NULL ); RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( olen != NULL ); @@ -1779,13 +1777,13 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, mode, olen, + return mbedtls_rsa_rsaes_pkcs1_v15_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, olen, input, output, output_max_len ); #endif #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, mode, NULL, 0, + return mbedtls_rsa_rsaes_oaep_decrypt( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, NULL, 0, olen, input, output, output_max_len ); #endif @@ -2733,7 +2731,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 decryption : " ); - if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, + if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, &len, rsa_ciphertext, rsa_decrypted, sizeof(rsa_decrypted) ) != 0 ) { diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 01bf3a621..1ba8c735d 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -177,7 +177,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_rsa_pkcs1_decrypt( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg, MBEDTLS_RSA_PRIVATE, &i, + &ctr_drbg, &i, buf, result, 1024 ); if( ret != 0 ) { diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 9408bb8d5..b81bd7be4 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -66,7 +66,6 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, - MBEDTLS_RSA_PRIVATE, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 273c6044e..b03bddac6 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -89,7 +89,6 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } @@ -97,7 +96,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, { TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, + &rnd_info, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) @@ -211,7 +210,7 @@ void pkcs1_v15_decode( data_t *input, memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, &output_length, + &rnd_info, &output_length, intermediate, final, output_size ) == expected_result ); if( expected_result == 0 ) diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 97f440d28..2e7f3399d 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -85,7 +85,6 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } @@ -94,7 +93,6 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, sizeof( output ) ) == result ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 516b3a08f..1313f55a4 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -180,23 +180,19 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, - valid_mode, &olen, + &olen, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - invalid_mode, &olen, + NULL, buf, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - valid_mode, NULL, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - valid_mode, &olen, + &olen, NULL, buf, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - valid_mode, &olen, + &olen, buf, NULL, 42 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, @@ -823,7 +819,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, output_len = 0; TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, - &rnd_info, MBEDTLS_RSA_PRIVATE, + &rnd_info, &output_len, message_str->x, output, max_output ) == result ); if( result == 0 ) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 234ef4510..04ea69b1a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -12,8 +12,7 @@ int mbedtls_rsa_decrypt_func( void *ctx, size_t *olen, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, olen, - input, output, output_max_len ) ); + olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,