commit 47c7171348d70c2d369363c247d74f954e3b778d
author Govindraj Raja <govindraj.raja@arm.com> Fri Feb 03 11:08:00 2023 +0000
committer Govindraj Raja <govindraj.raja@arm.com> Tue Feb 21 11:09:47 2023 +0000
tree e5412a3f57d1488231a99ae2a030023c3c118ff7
parent a8eadc51a32a30fceb64f534c378ba66b876e026

refactor(crypto): avoid using struct mbedtls_pk_rsassa_pss_options

In preparation for supporting mbedtls 3.3, usage of
mbedtls_pk_rsassa_pss_options[1] is made private and is broken on 3.3

However looking closely into the usage in 'verify_signature' function
is no hard reason behind usage of this struct and they could be easily
replaced with independent variables.

This Minor refactor to avoid using the struct mbedtls_pk_rsassa_pss_options
and use independent variable will provide compatibility with both 2.x
and 3.x

[1]: https://github.com/Mbed-TLS/mbedtls/issues/7040

Change-Id: If0107d860d11d13cba7fd5d7941e7142e70c7b11
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>

drivers/auth/cryptocell/713/cryptocell_crypto.c

diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
index 3ac16af..af175e4 100644
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/713/cryptocell_crypto.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2023 ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -82,11 +82,11 @@
 	CCError_t error;
 	CCBsvNBuff_t NBuff;
 	CCBsvSignature_t signature;
-	int rc, exp;
+	int rc, exp, expected_salt_len;
 	mbedtls_asn1_buf sig_oid, alg_oid, params;
-	mbedtls_md_type_t md_alg;
+	mbedtls_md_type_t md_alg, mgf1_hash_id;
 	mbedtls_pk_type_t pk_alg;
-	mbedtls_pk_rsassa_pss_options pss_opts;
+
 	size_t len;
 	uint8_t *p, *end;
 	CCHashResult_t digest;
@@ -114,17 +114,17 @@
 	/* Verify the RSASSA-PSS params */
 	/* The trailer field is verified to be 0xBC internally by this API */
 	rc = mbedtls_x509_get_rsassa_pss_params(&params, &md_alg,
-			&pss_opts.mgf1_hash_id,
-			&pss_opts.expected_salt_len);
+			&mgf1_hash_id,
+			&expected_salt_len);
 	if (rc != 0)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* The CryptoCell only supports SHA256 as hash algorithm */
 	if (md_alg != MBEDTLS_MD_SHA256 ||
-	    pss_opts.mgf1_hash_id != MBEDTLS_MD_SHA256)
+	    mgf1_hash_id != MBEDTLS_MD_SHA256)
 		return CRYPTO_ERR_SIGNATURE;
 
-	if (pss_opts.expected_salt_len != RSA_SALT_LEN)
+	if (expected_salt_len != RSA_SALT_LEN)
 		return CRYPTO_ERR_SIGNATURE;
 
 	/* Parse the public key */