cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-30 08:56:50 -04:00
Code Issues Packages Projects Releases Wiki Activity

rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context

Browse Source 
This helps fixing a disparity between the legacy and the USE_PSA
case for rsa_sign_wrap() in pk_wrap.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti 2024-02-26 13:52:34 +01:00
parent f22eff99a6
commit e700d8086e
2 changed files with 4 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
library/rsa.c
View File

@ -2231,7 +2231,7 @@ static int rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
if (ctx->padding != MBEDTLS_RSA_PKCS_V21) { if (ctx->padding != MBEDTLS_RSA_PKCS_V21) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
} }
if (ctx->hash_id == MBEDTLS_MD_NONE) { if ((ctx->hash_id == MBEDTLS_MD_NONE) && (md_alg == MBEDTLS_MD_NONE)) {
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA; return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
} }
return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen, return rsa_rsassa_pss_sign_no_mode_check(ctx, f_rng, p_rng, md_alg, hashlen, hash, saltlen,

17
tests/suites/test_suite_pk.function
View File

@ -2413,27 +2413,10 @@ void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
* - Verify from the same PK context used for signature. * - Verify from the same PK context used for signature.
* - Verify with the PK context generated using public key. * - Verify with the PK context generated using public key.
* - Verify using the public PSA key directly. * - Verify using the public PSA key directly.
*
* Note: PSS requires the hash to be specified on sign operation (i.e. not
* null or any), so in case PSA_ALG_ANY_HASH is provided as input, we
* use mbedtls_pk_sign_ext() instead of mbedtls_pk_sign().
*/ */
if ((PSA_ALG_IS_RSA_OAEP(key_alg) || PSA_ALG_IS_RSA_PSS(key_alg)) &&
(!is_psa_hash_alg_specified)) {
/* Ensure pk_sign() fails without crashing. */
TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
out_buf, sizeof(out_buf), &out_buf_len,
mbedtls_test_rnd_std_rand, NULL),
MBEDTLS_ERR_RSA_BAD_INPUT_DATA);
TEST_EQUAL(mbedtls_pk_sign_ext(MBEDTLS_PK_RSASSA_PSS, &pk_priv, md_for_test,
in_buf, in_buf_len,
out_buf, sizeof(out_buf), &out_buf_len,
mbedtls_test_rnd_std_rand, NULL), 0);
} else {
TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len, TEST_EQUAL(mbedtls_pk_sign(&pk_priv, md_for_test, in_buf, in_buf_len,
out_buf, sizeof(out_buf), &out_buf_len, out_buf, sizeof(out_buf), &out_buf_len,
mbedtls_test_rnd_std_rand, NULL), 0); mbedtls_test_rnd_std_rand, NULL), 0);
}
TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len, TEST_EQUAL(mbedtls_pk_verify(&pk_priv, md_for_test, in_buf, in_buf_len,
out_buf, out_buf_len), 0); out_buf, out_buf_len), 0);