From 88c2755a3049304973031a3cacbfbd5dff1b63eb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 Mar 2024 18:49:54 +0100 Subject: [PATCH] mbedtls_pk_decrypt/encrypt actually check the padding mode The sign/verify functions happily use the wrong algorithm, but the encrypt/decrypt functions error out if the padding mode specifies V21. Signed-off-by: Gilles Peskine --- ChangeLog.d/8824.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt index abc305fcf..6d6bcb70f 100644 --- a/ChangeLog.d/8824.txt +++ b/ChangeLog.d/8824.txt @@ -1,7 +1,8 @@ Bugfix * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in - the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled, they always - used PKCS#1 v1.5 even when the RSA context was configured for PKCS#1 v2.1 - (PSS/OAEP). Fixes #8824. + the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the + RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify + functions performed a PKCS#1 v1.5 signature instead and the + encrypt/decrypt functions returned an error. Fixes #8824.
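Review bot: the rewritten entry in ChangeLog.d/8824.txt says the encrypt/decrypt functions "returned an error" but does not name the error code; users who hit this are most likely to search by the error value they saw, so stating it (for example "returned MBEDTLS_ERR_… instead") next to "the encrypt/decrypt functions returned an error" would make the entry findable. It would also help to say explicitly that the v1.5 signatures produced by sign/verify were well-formed PKCS#1 v1.5 signatures, so readers understand this was a silent algorithm substitution rather than a failure, which is the more serious half of the bug.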