TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 88c2755a3049304973031a3cacbfbd5dff1b63eb^! / .
commit88c2755a3049304973031a3cacbfbd5dff1b63eb[log] [tgz]
authorGilles Peskine <Gilles.Peskine@arm.com>Mon Mar 11 18:49:54 2024 +0100
committerGilles Peskine <Gilles.Peskine@arm.com>Mon Mar 11 18:49:54 2024 +0100
tree55032fca9cb047e153db53d4bedc6723052f9773
parent9cc01ccbf8976e529bc61d57815f97b04d39a092 [diff]
mbedtls_pk_decrypt/encrypt actually check the padding mode

The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

diff --git a/ChangeLog.d/8824.txt b/ChangeLog.d/8824.txt
index abc305f..6d6bcb7 100644
--- a/ChangeLog.d/8824.txt
+++ b/ChangeLog.d/8824.txt

@@ -1,7 +1,8 @@
 Bugfix
    * Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
      mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
-     the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled, they always
-     used PKCS#1 v1.5 even when the RSA context was configured for PKCS#1 v2.1
-     (PSS/OAEP). Fixes #8824.
+     the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled and the
+     RSA context was configured for PKCS#1 v2.1 (PSS/OAEP), the sign/verify
+     functions performed a PKCS#1 v1.5 signature instead and the
+     encrypt/decrypt functions returned an error. Fixes #8824.