Merge pull request #4704 from mpg/issue-3990-fix_psa_verify_with_alt-2.x

[Backport 2.x] Fix PSA RSA PSS verify with ALT implementations
2025-07-28 00:21:48 +03:00 · 2021-06-23 11:47:42 +02:00
parent df51a13c54 727e1f17dd
commit 478ac0bcc1
5 changed files with 63 additions and 60 deletions
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@ -360,27 +360,14 @@ static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
        return( PSA_ERROR_INVALID_ARGUMENT );
 #endif

-#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
-    /* For PKCS#1 v1.5 signature, if using a hash, the hash length
-     * must be correct. */
-    if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
-        alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
+    /* For signatures using a hash, the hash length must be correct. */
+    if( alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
    {
        if( md_info == NULL )
            return( PSA_ERROR_NOT_SUPPORTED );
        if( mbedtls_md_get_size( md_info ) != hash_length )
            return( PSA_ERROR_INVALID_ARGUMENT );
    }
-#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
-
-#if defined(BUILTIN_ALG_RSA_PSS)
-    /* PSS requires a hash internally. */
-    if( PSA_ALG_IS_RSA_PSS( alg ) )
-    {
-        if( md_info == NULL )
-            return( PSA_ERROR_NOT_SUPPORTED );
-    }
-#endif /* BUILTIN_ALG_RSA_PSS */

    return( PSA_SUCCESS );
 }
@ -512,7 +499,7 @@ static psa_status_t rsa_verify_hash(
                                             mbedtls_psa_get_random,
                                             MBEDTLS_PSA_RANDOM_STATE,
                                             MBEDTLS_RSA_PUBLIC,
-                                             MBEDTLS_MD_NONE,
+                                             md_alg,
                                             (unsigned int) hash_length,
                                             hash,
                                             signature );