TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 573dc23141211980d43f9746e54c4f776b733f49^! / . / library / pk.c
commit573dc23141211980d43f9746e54c4f776b733f49[log] [tgz]
authorTomi Fontanilles <129057597+tomi-font@users.noreply.github.com>Sun Dec 10 14:57:51 2023 +0200
committerTomi Fontanilles <tomi.fontanilles@nordicsemi.no>Wed Dec 20 12:59:57 2023 +0200
tree680218965168a55c0d090ec9b65deb1ac2ec9971
parent8174662b648d03c5503dfea15a57106ca7dd5312 [diff] [blame]
rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()

And use it in the non-PSA version of mbedtls_pk_sign_ext()
to bypass checks that didn't succeed when used by TLS 1.3.

That is because in the failing scenarios the padding of
the RSA context is not set to PKCS_V21.

See the discussion on PR #7930 for more details.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>

diff --git a/library/pk.c b/library/pk.c
index 344d29f..929af3c 100644
--- a/library/pk.c
+++ b/library/pk.c

@@ -18,6 +18,9 @@
 
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
+#if defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "rsa_internal.h"
+#endif
 #endif
 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
 #include "mbedtls/ecp.h"
@@ -728,8 +731,8 @@
 
     mbedtls_rsa_context *const rsa_ctx = mbedtls_pk_rsa(*ctx);
 
-    const int ret = mbedtls_rsa_rsassa_pss_sign(rsa_ctx, f_rng, p_rng, md_alg,
-                                                (unsigned int) hash_len, hash, sig);
+    const int ret = mbedtls_rsa_rsassa_pss_sign_no_mode_check(rsa_ctx, f_rng, p_rng, md_alg,
+                                                              (unsigned int) hash_len, hash, sig);
     if (ret == 0) {
         *sig_len = rsa_ctx->len;
     }