eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify

Browse source 
Commit removes mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_verify and
propagates the change throughout the
codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit is contained in:
Thomas Daubney 2021-05-19 11:48:53 +01:00
parent 475053df2c
commit 2e1262517c
3 changed files with 3 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

12
include/mbedtls/rsa.h
View file

@ -1006,18 +1006,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
* \brief This function performs a PKCS#1 v1.5 verification * \brief This function performs a PKCS#1 v1.5 verification
* operation (RSASSA-PKCS1-v1_5-VERIFY). * operation (RSASSA-PKCS1-v1_5-VERIFY).
* *
* \deprecated It is deprecated and discouraged to call this function
* in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
* are likely to remove the \p mode argument and have it
* set to #MBEDTLS_RSA_PUBLIC.
*
* \note Alternative implementations of RSA need not support
* mode being set to #MBEDTLS_RSA_PRIVATE and might instead
* return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
*
* \param ctx The initialized RSA public key context to use. * \param ctx The initialized RSA public key context to use.
* \param mode The mode of operation. This must be either
* #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data. * \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data. * Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest. * \param hashlen The length of the message digest.
@ -1035,7 +1024,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure. * \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/ */
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,

14
library/rsa.c
View file

@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
* Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
*/ */
int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
int mode,
mbedtls_md_type_t md_alg, mbedtls_md_type_t md_alg,
unsigned int hashlen, unsigned int hashlen,
const unsigned char *hash, const unsigned char *hash,
@ -2342,8 +2341,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
unsigned char *encoded = NULL, *encoded_expected = NULL; unsigned char *encoded = NULL, *encoded_expected = NULL;
RSA_VALIDATE_RET( ctx != NULL ); RSA_VALIDATE_RET( ctx != NULL );
RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL ); RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) || hashlen == 0 ) ||
@ -2351,9 +2348,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
sig_len = ctx->len; sig_len = ctx->len;
if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
/* /*
* Prepare expected PKCS1 v1.5 encoding of hash. * Prepare expected PKCS1 v1.5 encoding of hash.
*/ */
@ -2373,9 +2367,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
* Apply RSA primitive to get what should be PKCS1 encoded hash. * Apply RSA primitive to get what should be PKCS1 encoded hash.
*/ */
ret = ( mode == MBEDTLS_RSA_PUBLIC ) ret = mbedtls_rsa_public( ctx, sig, encoded );
? mbedtls_rsa_public( ctx, sig, encoded )
: mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded );
if( ret != 0 ) if( ret != 0 )
goto cleanup; goto cleanup;
@ -2427,8 +2419,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
{ {
#if defined(MBEDTLS_PKCS1_V15) #if defined(MBEDTLS_PKCS1_V15)
case MBEDTLS_RSA_PKCS_V15: case MBEDTLS_RSA_PKCS_V15:
return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg, return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
hashlen, hash, sig ); hashlen, hash, sig );
#endif #endif
#if defined(MBEDTLS_PKCS1_V21) #if defined(MBEDTLS_PKCS1_V21)

4
tests/suites/test_suite_rsa.function
View file

@ -298,22 +298,18 @@ void rsa_invalid_param( )
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), buf, 0, sizeof( buf ), buf,
buf ) ); buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), 0, sizeof( buf ),
NULL, buf ) ); NULL, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ), buf, 0, sizeof( buf ), buf,
NULL ) ); NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA1, MBEDTLS_MD_SHA1,
0, NULL, 0, NULL,
buf ) ); buf ) );