TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 010ddc2b620b463dc50d1929e499f635f873baa4^! / . / include / mbedtls / rsa.h
commit010ddc2b620b463dc50d1929e499f635f873baa4[log] [tgz]
authorCédric Meuter <cedric.meuter@gmail.com>Sat Apr 25 09:24:11 2020 +0200
committerCédric Meuter <cedric.meuter@gmail.com>Thu Dec 24 09:53:04 2020 +0100
treeb11c07ef583356350b5054bfc47d66fb0942bd1b
parent8aa4d75ec98d19446151d778d2113cc5e26cb758 [diff] [blame]
Integrated feedback of first code review

- Fixed code style.
- Clarified the documentation of what happens when saltlen is set to
  MBEDTLS_RSA_SALT_LEN_ANY.
- Added range check on saltlen to reject out of range values.

(Code review done by @gilles-peskine-arm)

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>

diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index 41a00a9..5fc6ddb 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h

@@ -979,14 +979,11 @@
  *                 Specifications</em> it is advised to keep both hashes the
  *                 same.
  *
- * \note           This function always uses the maximum possible salt size,
- *                 up to the length of the payload hash. This choice of salt
- *                 size complies with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1
- *                 v2.2) §9.1.1 step 3. Furthermore this function enforces a
- *                 minimum salt size which is the hash size minus 2 bytes. If
- *                 this minimum size is too large given the key size (the salt
- *                 size, plus the hash size, plus 2 bytes must be no more than
- *                 the key size in bytes), this function returns
+ * \note           This function enforces that the provided salt length complies
+ *                 with FIPS 186-4 §5.5 (e) and RFC 8017 (PKCS#1 v2.2) §9.1.1
+ *                 step 3. The constraint is that the hash length plus the salt
+ *                 length plus 2 bytes must be at most the key length. If this
+ *                 constraint is not met, this function returns
  *                 #MBEDTLS_ERR_RSA_BAD_INPUT_DATA.
  *
  * \deprecated     It is deprecated and discouraged to call this function
@@ -1014,8 +1011,10 @@
  *                 #MBEDTLS_MD_NONE, it must be a readable buffer of length
  *                 the size of the hash corresponding to \p md_alg.
  * \param saltlen  The length of the salt that should be used.
- *                 If passed MBEDTLS_RSA_SALT_LEN_ANY, the function will use
- *                 the largest possible salt length.
+ *                 If passed #MBEDTLS_RSA_SALT_LEN_ANY, the function will use
+ *                 the largest possible salt length up to the hash length,
+ *                 which is the largest permitted by some standards including
+ *                 FIPS 186-4 §5.5.
  * \param sig      The buffer to hold the signature. This must be a writable
  *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
  *                 for an 2048-bit RSA modulus. A buffer length of