lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-01 05:01:58 +03:00
Code Activity

RSA verification: don't report an invalid padding error

Browse Source 
Mbed TLS distinguishes "invalid padding" from "valid padding but the
rest of the signature is invalid". This has little use in practice and
PSA doesn't report this distinction. We just report "invalid
signature".
This commit is contained in:
Gilles Peskine
2018-09-13 20:37:48 +02:00
parent 821adfe51c
commit ef12c63de0
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
library/psa_crypto.c
View File

@@ -1959,6 +1959,12 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
{
return( PSA_ERROR_INVALID_ARGUMENT );
}
/* Mbed TLS distinguishes "invalid padding" from "valid padding but
* the rest of the signature is invalid". This has little use in
* practice and PSA doesn't report this distinction. */
if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )
return( PSA_ERROR_INVALID_SIGNATURE );
return( mbedtls_to_psa_error( ret ) );
}
#endif /* MBEDTLS_RSA_C */