diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e7ab073b0..103d6915f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -939,21 +939,10 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, * the key size in bytes), this function returns * #MBEDTLS_ERR_RSA_BAD_INPUT_DATA. * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * implicitly set to #MBEDTLS_RSA_PRIVATE. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PUBLIC and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA context to use. * \param f_rng The RNG function. It must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be \c NULL * if \p f_rng doesn't need a context argument. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -974,7 +963,6 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 192f4a397..4f4159654 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -433,7 +433,6 @@ static psa_status_t rsa_sign_hash( ret = mbedtls_rsa_rsassa_pss_sign( rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, (unsigned int) hash_length, hash, diff --git a/library/rsa.c b/library/rsa.c index 8129429b9..b241b8fee 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1897,13 +1897,12 @@ int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, unsigned char *sig ) { - return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg, + return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig ); } #endif /* MBEDTLS_PKCS1_V21 */ @@ -2134,8 +2133,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, #if defined(MBEDTLS_PKCS1_V21) case MBEDTLS_RSA_PKCS_V21: - return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, - md_alg, hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pss_sign( ctx, f_rng, p_rng, md_alg, + hashlen, hash, sig ); #endif default: diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 440c57174..814385baa 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -241,22 +241,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, NULL, buf ) );