From c6fc878eda1421c68a3414bf47546e4f64f63839 Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Mon, 2 Oct 2017 12:25:52 +0100
Subject: [PATCH] Remove `mbedtls_rsa_check_crt`

This is no longer needed after the decision to not exhaustively validate private key material.
---
 include/mbedtls/rsa.h       | 23 ------------
 library/pkparse.c           |  3 +-
 library/rsa.c               | 70 -------------------------------------
 programs/pkey/rsa_decrypt.c |  8 -----
 programs/pkey/rsa_sign.c    |  8 -----
 5 files changed, 1 insertion(+), 111 deletions(-)

diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index d3347fc03..df0ade80c 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -417,29 +417,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
                           int (*f_rng)(void *, unsigned char *, size_t),
                           void *p_rng );
 
-/**
- * \brief          Check if CRT-parameters match core parameters
- *
- * \param ctx      Complete RSA private key context
- * \param DP       Private exponent modulo P-1, or NULL
- * \param DQ       Private exponent modulo Q-1, or NULL
- * \param QP       Modular inverse of Q modulo P, or NULL
- *
- * \return         0 if successful, testifying that the non-NULL optional
- *                 parameters provided are in accordance with the core
- *                 RSA parameters. Non-zero error code otherwise.
- *
- * \note           This function performs in-place computations on the
- *                 parameters DP, DQ and QP. If modification cannot be
- *                 tolerated, you should make copies with mbedtls_mpi_copy
- *                 before calling this function.
- *
- */
-int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx,
-                           mbedtls_mpi *DP,
-                           mbedtls_mpi *DQ,
-                           mbedtls_mpi *QP );
-
 /**
  * \brief          Export core parameters of an RSA key
  *
diff --git a/library/pkparse.c b/library/pkparse.c
index a6916e7b9..f0b9db320 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -751,8 +751,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
     /* Check optional parameters */
     if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 ||
         ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 ||
-        ( ret = mbedtls_rsa_check_crt( rsa, &DP, &DQ, &QP ) ) != 0 )
+        ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 )
         goto cleanup;
 
     if( p != end )
diff --git a/library/rsa.c b/library/rsa.c
index 1fcffdfc3..841f48976 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -706,52 +706,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx,
     return( 0 );
 }
 
-/*
- * Check if CRT parameters match RSA context.
- * This has to be implemented even if CRT is not used,
- * in order to be able to validate DER encoded RSA keys,
- * which always contain CRT parameters.
- */
-int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx,
-                           mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP )
-{
-    int ret = 0;
-
-    /* Check if key is private or public */
-    const int is_priv =
-        mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 &&
-        mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0;
-
-    if( !is_priv )
-    {
-        /* Checking optional parameters only makes sense for private keys. */
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT)
-    if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) ||
-        ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) ||
-        ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#else /* MBEDTLS_RSA_NO_CRT */
-    if( ( ret = mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D,
-                                          DP, DQ, QP ) ) != 0 )
-    {
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-    }
-#endif
-
-    if( ret != 0 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret );
-
-    return( 0 );
-}
-
 int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
                             unsigned char *N, size_t N_len,
                             unsigned char *P, size_t P_len,
@@ -2532,21 +2486,6 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx )
                 "910E4168387E3C30AA1E00C339A79508" \
                 "8452DD96A9A5EA5D9DCA68DA636032AF"
 
-#define RSA_DP  "C1ACF567564274FB07A0BBAD5D26E298" \
-                "3C94D22288ACD763FD8E5600ED4A702D" \
-                "F84198A5F06C2E72236AE490C93F07F8" \
-                "3CC559CD27BC2D1CA488811730BB5725"
-
-#define RSA_DQ  "4959CBF6F8FEF750AEE6977C155579C7" \
-                "D8AAEA56749EA28623272E4F7D0592AF" \
-                "7C1F1313CAC9471B5C523BFE592F517B" \
-                "407A1BD76C164B93DA2D32A383E58357"
-
-#define RSA_QP  "9AE7FBC99546432DF71896FC239EADAE" \
-                "F38D18D2B2F0E2DD275AA977E2BF4411" \
-                "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
-                "A74206CEC169D74BF5A8C50D6F48EA08"
-
 #define PT_LEN  24
 #define RSA_PT  "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
                 "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD"
@@ -2619,15 +2558,6 @@ int mbedtls_rsa_self_test( int verbose )
         return( 1 );
     }
 
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DP  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, &K, NULL, NULL ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DQ  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, &K, NULL ) );
-
-    MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_QP  ) );
-    MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, NULL, &K ) );
-
     if( verbose != 0 )
         mbedtls_printf( "passed\n  PKCS#1 encryption : " );
 
diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
index 493c8706e..48275bc23 100644
--- a/programs/pkey/rsa_decrypt.c
+++ b/programs/pkey/rsa_decrypt.c
@@ -150,14 +150,6 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    /* Although we're not using them, verify CRT parameters */
-    if( ( return_val = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_rsa_check_crt returned %d\n\n",
-                        return_val );
-        goto exit;
-    }
-
     /*
      * Extract the RSA encrypted value from the text file
      */
diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
index 5f615618f..ff6473632 100644
--- a/programs/pkey/rsa_sign.c
+++ b/programs/pkey/rsa_sign.c
@@ -130,14 +130,6 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    /* Although we're not using them, verify CRT parameters */
-    if( ( ret = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 )
-    {
-        mbedtls_printf( " failed\n  ! mbedtls_rsa_check_crt returned %d\n\n",
-                        ret );
-        goto exit;
-    }
-
     /*
      * Compute the SHA-256 hash of the input file,
      * then calculate the RSA signature of the hash.