documentation of mbedtls_ssl_async_sign_t with RSA: update to PSA

Stop referring to low-level APIs that are becoming private. Also drop the requirement on supporting what is now PSA_ALG_RSA_PKCS1V15_SIGN_RAW. That was needed for TLS 1.0/1.1 which signs MD5||SHA1, but is no longer needed since Mbed TLS 3.0 dropped support for these protocol versions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-24 22:29:04 +08:00 · 2025-04-10 14:00:40 +02:00 · 2025-04-10 14:00:40 +02:00 · 86b9d3f299
commit 86b9d3f299
parent 80b697d78a
1 changed files with 4 additions and 14 deletions
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -987,20 +987,10 @@ typedef int mbedtls_ssl_cache_set_t(void *data,
 *                  to store an operation context for later retrieval
 *                  by the resume or cancel callback.
 *
- * \note            For RSA signatures, this function must produce output
- *                  that is consistent with PKCS#1 v1.5 in the same way as
- *                  mbedtls_rsa_pkcs1_sign(). Before the private key operation,
- *                  apply the padding steps described in RFC 8017, section 9.2
- *                  "EMSA-PKCS1-v1_5" as follows.
- *                  - If \p md_alg is #MBEDTLS_MD_NONE, apply the PKCS#1 v1.5
- *                    encoding, treating \p hash as the DigestInfo to be
- *                    padded. In other words, apply EMSA-PKCS1-v1_5 starting
- *                    from step 3, with `T = hash` and `tLen = hash_len`.
- *                  - If `md_alg != MBEDTLS_MD_NONE`, apply the PKCS#1 v1.5
- *                    encoding, treating \p hash as the hash to be encoded and
- *                    padded. In other words, apply EMSA-PKCS1-v1_5 starting
- *                    from step 2, with `digestAlgorithm` obtained by calling
- *                    mbedtls_oid_get_oid_by_md() on \p md_alg.
+ * \note            For an RSA key, this function must produce a PKCS#1v1.5
+ *                  signature in the standard format (like
+ *                  #PSA_ALG_RSA_PKCS1V15_SIGN). \c md_alg is guaranteed to be
+ *                  a hash that is supported by the library.
 *
 * \note            For ECDSA signatures, the output format is the DER encoding
 *                  `Ecdsa-Sig-Value` defined in