diff --git a/library/pkcs7.c b/library/pkcs7.c index dda15725a6..ba4529d3e9 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -704,9 +704,9 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * failed to validate'. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_pk_verify_restartable(&pk_cxt, md_alg, hash, - mbedtls_md_get_size(md_info), - signer->sig.p, signer->sig.len, NULL); + ret = mbedtls_pk_verify_ext(MBEDTLS_PK_SIGALG_RSA_PKCS1V15, &pk_cxt, md_alg, hash, + mbedtls_md_get_size(md_info), + signer->sig.p, signer->sig.len); if (ret == 0) { break; diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a8bd02e539..8f3b5d2492 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2880,11 +2880,11 @@ curve_matching_done: * after the call to ssl_prepare_server_key_exchange. * ssl_write_server_key_exchange also takes care of incrementing * ssl->out_msglen. */ - if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl), - md_alg, hash, hashlen, - ssl->out_msg + ssl->out_msglen + 2, - out_buf_len - ssl->out_msglen - 2, - signature_len, NULL)) != 0) { + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) sig_alg, mbedtls_ssl_own_key(ssl), + md_alg, hash, hashlen, + ssl->out_msg + ssl->out_msglen + 2, + out_buf_len - ssl->out_msglen - 2, + signature_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret); return ret; } @@ -3456,9 +3456,9 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) } } - if ((ret = mbedtls_pk_verify_restartable(peer_pk, - md_alg, hash_start, hashlen, - ssl->in_msg + i, sig_len, NULL)) != 0) { + if ((ret = mbedtls_pk_verify_ext((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + md_alg, hash_start, hashlen, + ssl->in_msg + i, sig_len)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_verify", ret); return ret; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d06e5f5232..ba2387e046 100644 
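Review bot: The new call in mbedtls_pkcs7_data_or_hash_verify pins every signer to `MBEDTLS_PK_SIGALG_RSA_PKCS1V15`, whereas the removed mbedtls_pk_verify_restartable call took no algorithm argument, and nothing in the hunk explains why hard-coding it is safe. If the signer certificate behind `pk_cxt` can hold a non-RSA key, or the SignerInfo names another signature algorithm, the outcome now depends on mbedtls_pk_verify_ext rejecting the mismatch, and the loop would then report a plain verification failure. I would add a comment above the call such as `/* Only RSA PKCS#1 v1.5 signer signatures are supported here; other key types fail verification. */` and confirm that the parser rejects other signature algorithm identifiers before this point. The function starts and ends outside the hunk, so the parsing side is not visible here.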
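Review bot: The cast `(mbedtls_pk_sigalg_t) sig_alg` in the mbedtls_pk_sign_ext call is only correct if `sig_alg` already holds a value of that enum, or if its source enum shares numeric values with mbedtls_pk_sigalg_t. The declaration of `sig_alg` is outside the hunk, so this cannot be confirmed here. The cast silences the compiler in exactly the case where a mismatch would select the wrong signature scheme or fail only at run time. The same pattern appears as `(mbedtls_pk_sigalg_t) pk_alg` in the ssl_parse_certificate_verify hunk and in the mbedtls_x509write_crt_der hunk. Prefer declaring the variable as mbedtls_pk_sigalg_t or converting through one explicit mapping function; if the cast stays and value equality is the invariant relied on, state it next to the cast, e.g. `/* relies on sig_alg values matching mbedtls_pk_sigalg_t */`.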
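Review bot: With the algorithm now an explicit argument, the mbedtls_pk_verify_ext call in ssl_parse_certificate_verify relies on `pk_alg` having been checked against `peer_pk` before it is reached, and that check is not visible in the hunk. The signature bytes come from the incoming message (`ssl->in_msg + i`); if `pk_alg` is derived from the same message (its assignment is outside the hunk), the peer influences which scheme is applied to its own key. It is worth confirming that a mismatch between the advertised algorithm and the certificate key type is rejected earlier in the function. Once confirmed, record it at the call with a comment such as `/* pk_alg was validated against peer_pk above */`.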
--- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -571,9 +571,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, } - if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg, - hash, hash_length, sig, sizeof(sig), &sig_len, - NULL)) != 0) { + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_alg, ctx->issuer_key, ctx->md_alg, + hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) { return ret; } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index de27d6eec8..64fd45952f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl, switch (ctx->operation_type) { case ASYNC_OP_SIGN: - ret = mbedtls_pk_sign_restartable(key_slot->pk, - ctx->md_alg, - ctx->input, ctx->input_len, - output, output_size, output_len, NULL); + ret = mbedtls_pk_sign(key_slot->pk, + ctx->md_alg, + ctx->input, ctx->input_len, + output, output_size, output_len); break; default: mbedtls_printf(