diff --git a/library/rsa.c b/library/rsa.c index 26a93c1b9..a788337a5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -500,9 +500,20 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx ) int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, mbedtls_md_type_t hash_id ) { - if( ( padding != MBEDTLS_RSA_PKCS_V15 ) && - ( padding != MBEDTLS_RSA_PKCS_V21 ) ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + switch( padding ) + { +#if defined(MBEDTLS_PKCS1_V15) + case MBEDTLS_RSA_PKCS_V15: + break; +#endif + +#if defined(MBEDTLS_PKCS1_V21) + case MBEDTLS_RSA_PKCS_V21: + break; +#endif + default: + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + } if( ( padding == MBEDTLS_RSA_PKCS_V21 ) && ( hash_id != MBEDTLS_MD_NONE ) ) diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index e7fcf511a..26056dd9b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -119,7 +119,7 @@ int main( int argc, char *argv[] ) MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ) ) != 0 ) { - mbedtls_printf( " failed\n ! Invalid padding\n" ); + mbedtls_printf( " failed\n ! Padding not supported\n" ); goto exit; } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 086544401..14b4afc3a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -36,6 +36,20 @@ void rsa_invalid_param( ) invalid_hash_id ), MBEDTLS_ERR_RSA_INVALID_PADDING ); +#if !defined(MBEDTLS_PKCS1_V15) + TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ), + MBEDTLS_ERR_RSA_INVALID_PADDING ); +#endif + +#if !defined(MBEDTLS_PKCS1_V21) + TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, + MBEDTLS_MD_NONE ), + MBEDTLS_ERR_RSA_INVALID_PADDING ); +#endif + exit: mbedtls_rsa_free( &ctx ); }