Removed the mode argument from mbedtls_rsa_rsassa_pss_sign_ext()

- This mode argument was deprecated in the original function. Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2025-11-04 04:32:24 -05:00 · 2020-04-25 11:30:45 +02:00 · 2020-04-25 11:30:45 +02:00 · f3fab33147
commit f3fab33147
parent 010ddc2b62
2 changed files with 21 additions and 19 deletions
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -986,21 +986,10 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 *                 constraint is not met, this function returns
 *                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
 *
- * \deprecated     It is deprecated and discouraged to call this function
- *                 in #MBEDTLS_RSA_PUBLIC mode. Future versions of the library
- *                 are likely to remove the \p mode argument and have it
- *                 implicitly set to #MBEDTLS_RSA_PRIVATE.
- *
- * \note           Alternative implementations of RSA need not support
- *                 mode being set to #MBEDTLS_RSA_PUBLIC and might instead
- *                 return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
 * \param ctx      The initialized RSA context to use.
 * \param f_rng    The RNG function. It must not be \c NULL.
 * \param p_rng    The RNG context to be passed to \p f_rng. This may be \c NULL
 *                 if \p f_rng doesn't need a context argument.
- * \param mode     The mode of operation. This must be either
- *                 #MBEDTLS_RSA_PRIVATE or #MBEDTLS_RSA_PUBLIC (deprecated).
 * \param md_alg   The message-digest algorithm used to hash the original data.
 *                 Use #MBEDTLS_MD_NONE for signing raw data.
 * \param hashlen  The length of the message digest.
@ -1026,7 +1015,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng,
-                         int mode,
                         mbedtls_md_type_t md_alg,
                         unsigned int hashlen,
                         const unsigned char *hash,
--- a/library/rsa.c
+++ b/library/rsa.c
@ -1787,11 +1787,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
 }

 #if defined(MBEDTLS_PKCS1_V21)
-/*
- * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
- * the option to pass in the salt length.
- */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
+static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
                         int (*f_rng)(void *, unsigned char *, size_t),
                         void *p_rng,
                         int mode,
@ -1924,6 +1920,24 @@ exit:
            : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig ) );
 }

+/*
+ * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function with
+ * the option to pass in the salt length.
+ */
+int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng,
+                         mbedtls_md_type_t md_alg,
+                         unsigned int hashlen,
+                         const unsigned char *hash,
+                         int saltlen,
+                         unsigned char *sig )
+{
+    return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg,
+                                hashlen, hash, saltlen, sig );
+}
+
+
 /*
 * Implementation of the PKCS#1 v2.1 RSASSA-PSS-SIGN function
 */
@ -1936,7 +1950,7 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
                         const unsigned char *hash,
                         unsigned char *sig )
 {
-    return mbedtls_rsa_rsassa_pss_sign_ext( ctx, f_rng, p_rng, mode, md_alg,
+    return rsa_rsassa_pss_sign( ctx, f_rng, p_rng, mode, md_alg,
                                hashlen, hash, MBEDTLS_RSA_SALT_LEN_ANY, sig );
 }
 #endif /* MBEDTLS_PKCS1_V21 */