Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.5k stars 2.6k forks source link

Remove code that is only used when MBEDTLS_USE_PSA_CRYPTO is disabled #9631

Open gilles-peskine-arm opened 1 month ago

gilles-peskine-arm commented 1 month ago

Remove all the code that is only used when MBEDTLS_USE_PSA_CRYPTO is disabled.

Remove #define MBEDTLS_USE_PSA_CRYPTO.

Follow-up to https://github.com/Mbed-TLS/mbedtls/issues/9630. We should also do https://github.com/Mbed-TLS/mbedtls/issues/9676 first (not strictly required, but I think it's easier to do it in this order).

Definition of done: MBEDTLS_USE_PSA_CRYPTO no longer appears in any code. It may still appear in documentation (covered by https://github.com/Mbed-TLS/mbedtls/issues/9632).

gilles-peskine-arm commented 3 weeks ago

I'm upping the size estimate. This is easy, but tedious: each place where MBEDTLS_USE_PSA_CRYPTO is used is easy or trivial to update, but there are a lot of them.

After a bit of experimentation, unifdef can help us. It seems to at least handle the simple cases correctly. Use the latest version (unifdef 2.10 errors out in many places in our code; 2.12 only chokes in three places, see https://github.com/gilles-peskine-arm/mbedtls/tree/use_psa_crypto-remove_with_unifdef-1). That still leaves many places with complex expressions like #if defined(FOO) && defined(MBEDTLS_USE_PSA_CRYPTO) that unifdef doesn't touch.