Rm dead !USE_PSA code: SSL hooks

unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl_{ticket,cookie}.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-08-07 06:42:56 +03:00 · 2025-01-22 12:09:14 +01:00
parent f60b09b019
commit b18c8b957b
4 changed files with 0 additions and 237 deletions
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -22,7 +22,6 @@

 #include <string.h>

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/psa_util.h"
 /* Define a local translating function to save code size by not using too many
 * arguments in each translating place. */
@@ -33,7 +32,6 @@ static int local_err_translation(psa_status_t status)
                                 psa_generic_status_to_mbedtls);
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
-#endif

 /*
 * If DTLS is in use, then at least one of SHA-256 or SHA-384 is
@@ -59,21 +57,12 @@ static int local_err_translation(psa_status_t status)

 void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    ctx->psa_hmac_key = MBEDTLS_SVC_KEY_ID_INIT;
-#else
-    mbedtls_md_init(&ctx->hmac_ctx);
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #if !defined(MBEDTLS_HAVE_TIME)
    ctx->serial = 0;
 #endif
    ctx->timeout = MBEDTLS_SSL_COOKIE_TIMEOUT;

-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_init(&ctx->mutex);
-#endif
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
 }

 void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx, unsigned long delay)
@@ -87,15 +76,7 @@ void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx)
        return;
    }

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_destroy_key(ctx->psa_hmac_key);
-#else
-    mbedtls_md_free(&ctx->hmac_ctx);
-
-#if defined(MBEDTLS_THREADING_C)
-    mbedtls_mutex_free(&ctx->mutex);
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ssl_cookie_ctx));
 }
@@ -104,7 +85,6 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
                             int (*f_rng)(void *, unsigned char *, size_t),
                             void *p_rng)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    psa_algorithm_t alg;
@@ -130,57 +110,10 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
                                   &ctx->psa_hmac_key)) != PSA_SUCCESS) {
        return PSA_TO_MBEDTLS_ERR(status);
    }
-#else
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    unsigned char key[COOKIE_MD_OUTLEN];
-
-    if ((ret = f_rng(p_rng, key, sizeof(key))) != 0) {
-        return ret;
-    }
-
-    ret = mbedtls_md_setup(&ctx->hmac_ctx, mbedtls_md_info_from_type(COOKIE_MD), 1);
-    if (ret != 0) {
-        return ret;
-    }
-
-    ret = mbedtls_md_hmac_starts(&ctx->hmac_ctx, key, sizeof(key));
-    if (ret != 0) {
-        return ret;
-    }
-
-    mbedtls_platform_zeroize(key, sizeof(key));
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

    return 0;
 }

-#if !defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * Generate the HMAC part of a cookie
- */
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_cookie_hmac(mbedtls_md_context_t *hmac_ctx,
-                           const unsigned char time[4],
-                           unsigned char **p, unsigned char *end,
-                           const unsigned char *cli_id, size_t cli_id_len)
-{
-    unsigned char hmac_out[COOKIE_MD_OUTLEN];
-
-    MBEDTLS_SSL_CHK_BUF_PTR(*p, end, COOKIE_HMAC_LEN);
-
-    if (mbedtls_md_hmac_reset(hmac_ctx) != 0 ||
-        mbedtls_md_hmac_update(hmac_ctx, time, 4) != 0 ||
-        mbedtls_md_hmac_update(hmac_ctx, cli_id, cli_id_len) != 0 ||
-        mbedtls_md_hmac_finish(hmac_ctx, hmac_out) != 0) {
-        return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-    }
-
-    memcpy(*p, hmac_out, COOKIE_HMAC_LEN);
-    *p += COOKIE_HMAC_LEN;
-
-    return 0;
-}
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */

 /*
 * Generate cookie for DTLS ClientHello verification
@@ -189,11 +122,9 @@ int mbedtls_ssl_cookie_write(void *p_ctx,
                             unsigned char **p, unsigned char *end,
                             const unsigned char *cli_id, size_t cli_id_len)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
    size_t sign_mac_length = 0;
-#endif
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
    unsigned long t;
@@ -213,7 +144,6 @@ int mbedtls_ssl_cookie_write(void *p_ctx,
    MBEDTLS_PUT_UINT32_BE(t, *p, 0);
    *p += 4;

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key,
                                ctx->psa_hmac_alg);
    if (status != PSA_SUCCESS) {
@@ -243,31 +173,12 @@ int mbedtls_ssl_cookie_write(void *p_ctx,
    *p += COOKIE_HMAC_LEN;

    ret = 0;
-#else
-#if defined(MBEDTLS_THREADING_C)
-    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
-    }
-#endif

-    ret = ssl_cookie_hmac(&ctx->hmac_ctx, *p - 4,
-                          p, end, cli_id, cli_id_len);
-
-#if defined(MBEDTLS_THREADING_C)
-    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
-                                 MBEDTLS_ERR_THREADING_MUTEX_ERROR);
-    }
-#endif
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 exit:
    status = psa_mac_abort(&operation);
    if (status != PSA_SUCCESS) {
        ret = PSA_TO_MBEDTLS_ERR(status);
    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
    return ret;
 }

@@ -278,13 +189,8 @@ int mbedtls_ssl_cookie_check(void *p_ctx,
                             const unsigned char *cookie, size_t cookie_len,
                             const unsigned char *cli_id, size_t cli_id_len)
 {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
    psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-#else
-    unsigned char ref_hmac[COOKIE_HMAC_LEN];
-    unsigned char *p = ref_hmac;
-#endif
    int ret = 0;
    mbedtls_ssl_cookie_ctx *ctx = (mbedtls_ssl_cookie_ctx *) p_ctx;
    unsigned long cur_time, cookie_time;
@@ -297,7 +203,6 @@ int mbedtls_ssl_cookie_check(void *p_ctx,
        return -1;
    }

-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key,
                                  ctx->psa_hmac_alg);
    if (status != PSA_SUCCESS) {
@@ -326,35 +231,6 @@ int mbedtls_ssl_cookie_check(void *p_ctx,
    }

    ret = 0;
-#else
-#if defined(MBEDTLS_THREADING_C)
-    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret);
-    }
-#endif
-
-    if (ssl_cookie_hmac(&ctx->hmac_ctx, cookie,
-                        &p, p + sizeof(ref_hmac),
-                        cli_id, cli_id_len) != 0) {
-        ret = -1;
-    }
-
-#if defined(MBEDTLS_THREADING_C)
-    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_SSL_INTERNAL_ERROR,
-                                MBEDTLS_ERR_THREADING_MUTEX_ERROR);
-    }
-#endif
-
-    if (ret != 0) {
-        goto exit;
-    }
-
-    if (mbedtls_ct_memcmp(cookie + 4, ref_hmac, sizeof(ref_hmac)) != 0) {
-        ret = -1;
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */

 #if defined(MBEDTLS_HAVE_TIME)
    cur_time = (unsigned long) mbedtls_time(NULL);
@@ -370,14 +246,10 @@ int mbedtls_ssl_cookie_check(void *p_ctx,
    }

 exit:
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
    status = psa_mac_abort(&operation);
    if (status != PSA_SUCCESS) {
        ret = PSA_TO_MBEDTLS_ERR(status);
    }
-#else
-    mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac));
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
    return ret;
 }
 #endif /* MBEDTLS_SSL_COOKIE_C */