Removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify

Commit removes mode parameter from mbedtls_rsa_rsassa_pkcs1_v15_verify and propagates the change throughout the codebase. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2025-11-03 12:11:27 -05:00 · 2021-05-19 11:48:53 +01:00 · 2021-05-19 11:48:53 +01:00 · 2e1262517c
commit 2e1262517c
parent 475053df2c
3 changed files with 3 additions and 27 deletions
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -1006,18 +1006,7 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 * \brief          This function performs a PKCS#1 v1.5 verification
 *                 operation (RSASSA-PKCS1-v1_5-VERIFY).
 *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
 * \param ctx      The initialized RSA public key context to use.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
@ -1035,7 +1024,6 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 int mode,
                                 mbedtls_md_type_t md_alg,
                                 unsigned int hashlen,
                                 const unsigned char *hash,
--- a/library/rsa.c
+++ b/library/rsa.c
@ -2331,7 +2331,6 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
 * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-v1_5-VERIFY function
 */
 int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 int mode,
                                 mbedtls_md_type_t md_alg,
                                 unsigned int hashlen,
                                 const unsigned char *hash,
@ -2342,8 +2341,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
    unsigned char *encoded = NULL, *encoded_expected = NULL;

    RSA_VALIDATE_RET( ctx != NULL );
-    RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
-                      mode == MBEDTLS_RSA_PUBLIC );
    RSA_VALIDATE_RET( sig != NULL );
    RSA_VALIDATE_RET( ( md_alg  == MBEDTLS_MD_NONE &&
                        hashlen == 0 ) ||
@ -2351,9 +2348,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,

    sig_len = ctx->len;

-    if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
-        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
-
    /*
     * Prepare expected PKCS1 v1.5 encoding of hash.
     */
@ -2373,9 +2367,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
     * Apply RSA primitive to get what should be PKCS1 encoded hash.
     */

-    ret = ( mode == MBEDTLS_RSA_PUBLIC )
-          ? mbedtls_rsa_public(  ctx, sig, encoded )
-          : mbedtls_rsa_private( ctx, NULL, NULL, sig, encoded );
+    ret = mbedtls_rsa_public(  ctx, sig, encoded );
    if( ret != 0 )
        goto cleanup;

@ -2427,8 +2419,8 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
    {
 #if defined(MBEDTLS_PKCS1_V15)
        case MBEDTLS_RSA_PKCS_V15:
-            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg,
-                                                hashlen, hash, sig );
+            return mbedtls_rsa_rsassa_pkcs1_v15_verify( ctx, md_alg,
+                                                        hashlen, hash, sig );
 #endif

 #if defined(MBEDTLS_PKCS1_V21)
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@ -298,22 +298,18 @@ void rsa_invalid_param( )

    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                            mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL,
-                                                          MBEDTLS_RSA_PUBLIC,
                                                          0, sizeof( buf ), buf,
                                                          buf ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
-                                                          MBEDTLS_RSA_PUBLIC,
                                                          0, sizeof( buf ),
                                                          NULL, buf ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
-                                                          MBEDTLS_RSA_PUBLIC,
                                                          0, sizeof( buf ), buf,
                                                          NULL ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
                            mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx,
-                                                          MBEDTLS_RSA_PUBLIC,
                                                          MBEDTLS_MD_SHA1,
                                                          0, NULL,
                                                          buf ) );