Change prototype of pk_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
diff --git a/library/pk.c b/library/pk.c
index cb25354..b6dd99d 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -521,11 +521,13 @@
/*
* Make a signature with options
*/
-int mbedtls_pk_sign_ext( mbedtls_pk_type_t type, const void *options,
- mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
- const unsigned char *hash, size_t hash_len,
- unsigned char *sig, size_t sig_size, size_t *sig_len,
- int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+int mbedtls_pk_sign_ext( mbedtls_pk_type_t type,
+ mbedtls_pk_context *ctx,
+ mbedtls_md_type_t md_alg,
+ const unsigned char *hash, size_t hash_len,
+ unsigned char *sig, size_t sig_size, size_t *sig_len,
+ int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng )
{
PK_VALIDATE_RET( ctx != NULL );
PK_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE && hash_len == 0 ) ||
@@ -541,10 +543,6 @@
if( type != MBEDTLS_PK_RSASSA_PSS )
{
- /* General case: no options */
- if( options != NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
return( mbedtls_pk_sign_restartable( ctx, md_alg, hash, hash_len,
sig, sig_size, sig_len,
f_rng, p_rng, NULL ) );
@@ -552,17 +550,12 @@
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21)
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- const mbedtls_pk_rsassa_pss_options *pss_opts;
#if SIZE_MAX > UINT_MAX
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
- if( options == NULL )
- return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-
- pss_opts = (const mbedtls_pk_rsassa_pss_options *) options;
if( sig_size < mbedtls_pk_get_len( ctx ) )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
@@ -578,7 +571,7 @@
f_rng, p_rng,
md_alg,
(unsigned int) hash_len,
- hash,pss_opts->expected_salt_len,
+ hash,MBEDTLS_RSA_SALT_LEN_ANY,
sig
);
return( ret );
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 7dd8fb4..a8c3570 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1060,10 +1060,8 @@
unsigned char verify_buffer[ SSL_VERIFY_STRUCT_MAX_SIZE ];
size_t verify_buffer_len;
mbedtls_pk_type_t pk_type = MBEDTLS_PK_NONE;
- const void *options = NULL;
mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
uint16_t algorithm = MBEDTLS_TLS1_3_SIG_NONE;
- mbedtls_pk_rsassa_pss_options pss_opts;
size_t signature_len = 0;
const mbedtls_md_info_t *md_info;
unsigned char verify_hash[ MBEDTLS_MD_MAX_SIZE ];
@@ -1134,20 +1132,14 @@
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256:
md_alg = MBEDTLS_MD_SHA256;
- pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY;
- options = &pss_opts;
pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA384:
md_alg = MBEDTLS_MD_SHA384;
- pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY;
- options = &pss_opts;
pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
case MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA512:
md_alg = MBEDTLS_MD_SHA512;
- pss_opts.expected_salt_len = MBEDTLS_RSA_SALT_LEN_ANY;
- options = &pss_opts;
pk_type = MBEDTLS_PK_RSASSA_PSS;
break;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
@@ -1173,8 +1165,8 @@
verify_hash_len = mbedtls_md_get_size( md_info );
MBEDTLS_SSL_DEBUG_BUF( 3, "verify hash", verify_hash, verify_hash_len );
- if( ( ret = mbedtls_pk_sign_ext( pk_type, options,
- own_key, md_alg, verify_hash, verify_hash_len,
+ if( ( ret = mbedtls_pk_sign_ext( pk_type, own_key,
+ md_alg, verify_hash, verify_hash_len,
p + 2, (size_t)( end - ( p + 2 ) ), &signature_len,
ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{