lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

library: pass NULL options parameter to mbedtls_pk_verify_ext()

Browse Source 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit is contained in:
Valerio Setti
2025-04-23 11:29:51 +02:00
parent d24dfad7af
commit 7f6f4e6907
4 changed files with 5 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
library/ssl_tls12_client.c
View File

@ -2100,15 +2100,7 @@ start_processing:
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
mbedtls_pk_rsassa_pss_options rsassa_pss_options; ret = mbedtls_pk_verify_ext(pk_alg, NULL,
rsassa_pss_options.mgf1_hash_id = md_alg;
rsassa_pss_options.expected_salt_len =
mbedtls_md_get_size_from_type(md_alg);
if (rsassa_pss_options.expected_salt_len == 0) {
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
}
ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options,
peer_pk, peer_pk,
md_alg, hash, hashlen, md_alg, hash, hashlen,
p, sig_len); p, sig_len);

15
library/ssl_tls13_generic.c
View File

@ -227,11 +227,6 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
unsigned char verify_hash[PSA_HASH_MAX_SIZE]; unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len; size_t verify_hash_len;
void const *options = NULL;
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
/* /*
* struct { * struct {
* SignatureScheme algorithm; * SignatureScheme algorithm;
@ -304,16 +299,8 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl,
} }
MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if (sig_alg == MBEDTLS_PK_RSASSA_PSS) {
rsassa_pss_options.mgf1_hash_id = md_alg;
rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH(hash_alg); if ((ret = mbedtls_pk_verify_ext(sig_alg, NULL,
options = (const void *) &rsassa_pss_options;
}
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
if ((ret = mbedtls_pk_verify_ext(sig_alg, options,
&ssl->session_negotiate->peer_cert->pk, &ssl->session_negotiate->peer_cert->pk,
md_alg, verify_hash, verify_hash_len, md_alg, verify_hash, verify_hash_len,
p, signature_len)) == 0) { p, signature_len)) == 0) {

4
library/x509_crt.c
View File

@ -2059,7 +2059,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
flags |= MBEDTLS_X509_BADCERT_BAD_KEY; flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
} }
if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk, if (mbedtls_pk_verify_ext(crl_list->sig_pk, NULL, &ca->pk,
crl_list->sig_md, hash, hash_length, crl_list->sig_md, hash, hash_length,
crl_list->sig.p, crl_list->sig.len) != 0) { crl_list->sig.p, crl_list->sig.len) != 0) {
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@ -2133,7 +2133,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child,
(void) rs_ctx; (void) rs_ctx;
#endif #endif
return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk, return mbedtls_pk_verify_ext(child->sig_pk, NULL, &parent->pk,
child->sig_md, hash, hash_len, child->sig_md, hash, hash_len,
child->sig.p, child->sig.len); child->sig.p, child->sig.len);
} }

2
tests/suites/test_suite_x509write.function
View File

@ -37,7 +37,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
goto cleanup; goto cleanup;
} }
if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk, if (mbedtls_pk_verify_ext(csr.sig_pk, NULL, &csr.pk,
csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md),
csr.sig.p, csr.sig.len) != 0) { csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;