Fix signature size checks in psa_asymmetric_verify for RSA

The signature must have exactly the same length as the key, it can't be longer. Fix #258 If the signature doesn't have the correct size, that's an invalid signature, not a problem with an output buffer size. Fix the error code. Add test cases.
2025-08-01 10:06:53 +03:00 · 2019-09-12 22:08:23 +02:00
parent 4019f0e914
commit 89cc74f447
2 changed files with 36 additions and 4 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3191,8 +3191,8 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
    if( status != PSA_SUCCESS )
        return( status );

-    if( signature_length < mbedtls_rsa_get_len( rsa ) )
-        return( PSA_ERROR_BUFFER_TOO_SMALL );
+    if( signature_length != mbedtls_rsa_get_len( rsa ) )
+        return( PSA_ERROR_INVALID_SIGNATURE );

 #if defined(MBEDTLS_PKCS1_V15)
    if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )