From 2e1262517cb7e11e508c5cf20b49dfd399d77410 Mon Sep 17 00:00:00 2001 From: Thomas Daubney Date: Wed, 19 May 2021 11:48:53 +0100 Subject: [PATCH] Removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify Commit removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney --- include/mbedtls/rsa.h | 12 ------------ library/rsa.c | 14 +++----------- tests/suites/test_suite_rsa.function | 4 ---- 3 files changed, 3 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6a0309af0..869bfd923 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -1006,18 +1006,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief This function performs a PKCS#1 v1.5 verification * operation (RSASSA-PKCS1-v1_5-VERIFY). * - * \deprecated It is deprecated and discouraged to call this function - * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library - * are likely to remove the \p mode argument and have it - * set to #MBEDTLS_RSA_PUBLIC. - * - * \note Alternative implementations of RSA need not support - * mode being set to #MBEDTLS_RSA_PRIVATE and might instead - * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED. - * * \param ctx The initialized RSA public key context to use. - * \param mode The mode of operation. This must be either - * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated). * \param md_alg The message-digest algorithm used to hash the original data. * Use #MBEDTLS_MD_NONE for signing raw data. * \param hashlen The length of the message digest. @@ -1035,7 +1024,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, diff --git a/library/rsa.c b/library/rsa.c index 4d569704a..bdb2b7ef3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, - int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, @@ -2342,8 +2341,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, unsigned char *encoded = NULL, *encoded_expected = NULL; RSA_VALIDATE_RET( ctx != NULL ); - RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE || - mode == MBEDTLS_RSA_PUBLIC ); RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hashlen == 0 ) || @@ -2351,9 +2348,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, sig_len = ctx->len; - if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - /* * Prepare expected PKCS1 v1.5 encoding of hash. */ @@ -2373,9 +2367,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * Apply RSA primitive to get what should be PKCS1 encoded hash. */ - ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, encoded ) - : mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded ); + ret = mbedtls_rsa_public( ctx, sig, encoded ); if( ret != 0 ) goto cleanup; @@ -2427,8 +2419,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, { #if defined(MBEDTLS_PKCS1_V15) case MBEDTLS_RSA_PKCS_V15: - return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, - hashlen, hash, sig ); + return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg, + hashlen, hash, sig ); #endif #if defined(MBEDTLS_PKCS1_V21) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8f952b38f..f6aaa7a02 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -298,22 +298,18 @@ void rsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), NULL, buf ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, 0, sizeof( buf ), buf, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, NULL, buf ) );