library: x509: simplify RSA-PSS management

- Do not store RSA-PSS signature options in CRL/CRT/CSR structures; - During the parsing phase, just ensure that MGF1 hash alg is the same as the one used for the message. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-12-24 17:41:01 +03:00 · 2025-04-10 23:30:26 +02:00
parent 2439c4c14a
commit 68878ccdd0
8 changed files with 13 additions and 40 deletions
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -83,7 +83,6 @@ typedef struct mbedtls_x509_crl {
    mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *MBEDTLS_PRIVATE(sig_opts);             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */

    /** Next element in the linked list of CRL.
     * \p NULL indicates the end of the list.
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -82,7 +82,6 @@ typedef struct mbedtls_x509_crt {
    mbedtls_x509_buf MBEDTLS_PRIVATE(sig);               /**< Signature: hash of the tbs part signed with the private key. */
    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *MBEDTLS_PRIVATE(sig_opts);             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */

    /** Next certificate in the linked list that constitutes the CA chain.
     * \p NULL indicates the end of the list.
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -56,7 +56,6 @@ typedef struct mbedtls_x509_csr {
    mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *MBEDTLS_PRIVATE(sig_opts);         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
 }
 mbedtls_x509_csr;

--- a/library/x509.c
+++ b/library/x509.c
@@ -715,38 +715,30 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5
 * Get signature algorithm from alg OID and optional parameters
 */
 int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                             void **sig_opts)
+                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg)
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;

-    if (*sig_opts != NULL) {
-        return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
-    }
-
    if ((ret = mbedtls_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) {
        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret);
    }

 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
    if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) {
-        mbedtls_pk_rsassa_pss_options *pss_opts;
-
-        pss_opts = mbedtls_calloc(1, sizeof(mbedtls_pk_rsassa_pss_options));
-        if (pss_opts == NULL) {
-            return MBEDTLS_ERR_X509_ALLOC_FAILED;
-        }
+        mbedtls_md_type_t mgf1_hash_id;
+        int expected_salt_len;

        ret = mbedtls_x509_get_rsassa_pss_params(sig_params,
                                                 md_alg,
-                                                 &pss_opts->mgf1_hash_id,
-                                                 &pss_opts->expected_salt_len);
+                                                 &mgf1_hash_id,
+                                                 &expected_salt_len);
        if (ret != 0) {
-            mbedtls_free(pss_opts);
            return ret;
        }
-
-        *sig_opts = (void *) pss_opts;
+        /* Ensure MGF1 hash alg is the same as the one used to hash the message. */
+        if (mgf1_hash_id != *md_alg) {
+            return MBEDTLS_ERR_X509_INVALID_ALG;
+        }
    } else
 #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
    {
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -389,8 +389,7 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
    crl->version++;

    if ((ret = mbedtls_x509_get_sig_alg(&crl->sig_oid, &sig_params1,
-                                        &crl->sig_md, &crl->sig_pk,
-                                        &crl->sig_opts)) != 0) {
+                                        &crl->sig_md, &crl->sig_pk)) != 0) {
        mbedtls_x509_crl_free(crl);
        return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
    }
@@ -676,10 +675,6 @@ void mbedtls_x509_crl_free(mbedtls_x509_crl *crl)
    mbedtls_x509_crl_entry *entry_prv;

    while (crl_cur != NULL) {
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        mbedtls_free(crl_cur->sig_opts);
-#endif
-
        mbedtls_asn1_free_named_data_list_shallow(crl_cur->issuer.next);

        entry_cur = crl_cur->entry.next;
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1163,8 +1163,7 @@ static int x509_crt_parse_der_core(mbedtls_x509_crt *crt,
    crt->version++;

    if ((ret = mbedtls_x509_get_sig_alg(&crt->sig_oid, &sig_params1,
-                                        &crt->sig_md, &crt->sig_pk,
-                                        &crt->sig_opts)) != 0) {
+                                        &crt->sig_md, &crt->sig_pk)) != 0) {
        mbedtls_x509_crt_free(crt);
        return ret;
    }
@@ -3203,10 +3202,6 @@ void mbedtls_x509_crt_free(mbedtls_x509_crt *crt)
    while (cert_cur != NULL) {
        mbedtls_pk_free(&cert_cur->pk);

-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-        mbedtls_free(cert_cur->sig_opts);
-#endif
-
        mbedtls_asn1_free_named_data_list_shallow(cert_cur->issuer.next);
        mbedtls_asn1_free_named_data_list_shallow(cert_cur->subject.next);
        mbedtls_asn1_sequence_free(cert_cur->ext_key_usage.next);
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -407,8 +407,7 @@ static int mbedtls_x509_csr_parse_der_internal(mbedtls_x509_csr *csr,
    }

    if ((ret = mbedtls_x509_get_sig_alg(&csr->sig_oid, &sig_params,
-                                        &csr->sig_md, &csr->sig_pk,
-                                        &csr->sig_opts)) != 0) {
+                                        &csr->sig_md, &csr->sig_pk)) != 0) {
        mbedtls_x509_csr_free(csr);
        return MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG;
    }
@@ -621,10 +620,6 @@ void mbedtls_x509_csr_free(mbedtls_x509_csr *csr)

    mbedtls_pk_free(&csr->pk);

-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-    mbedtls_free(csr->sig_opts);
-#endif
-
    mbedtls_asn1_free_named_data_list_shallow(csr->subject.next);
    mbedtls_asn1_sequence_free(csr->subject_alt_names.next);

--- a/library/x509_internal.h
+++ b/library/x509_internal.h
@@ -35,8 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
 #endif
 int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
 int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                             void **sig_opts);
+                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
 int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
                          mbedtls_x509_time *t);
 int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,