commit 38391bf9b6a28be7e0bf90d9775462f5856369f9
author Ronald Cron <ronald.cron@arm.com> Fri Sep 16 11:19:27 2022 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Sep 20 14:29:41 2022 +0200
tree cf7cc4e9180022cc813140cb5ae722cff8ba84be
parent 67ea2543edd3b6eeb6e400a46b6c27dcef7f83fa

tls13: Do not impose minimum hash size for RSA PSS signatures

When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/ssl_tls13_generic.c

diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 507c587..54884e9 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -906,12 +906,8 @@
         case MBEDTLS_SSL_SIG_RSA:
             switch( sig_alg )
             {
-                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
-                    return( key_size <= 3072 );
-
-                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
-                    return( key_size <= 7680 );
-
+                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256: /* Intentional fallthrough */
+                case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384: /* Intentional fallthrough */
                 case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
                     return( 1 );