mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-04 14:09:29 +08:00
mbedtls/docs/3.0-migration-guide.d/require-matching-hashlen-rsa.md
Manuel Pégourié-Gonnard e7885e5441 RSA: Require hashlen to match md_alg when applicable
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-22 12:29:27 +02:00


RSA signature functions now require hashlen to match the expected value

This only affects users of the low-level RSA API; users of the high-level PK API or of the PSA Crypto API are not affected.

All the functions in the RSA module that accept a hashlen parameter used to ignore it unless the md_alg parameter was MBEDTLS_MD_NONE, indicating raw data was signed. They now require this parameter's value to be equal to the output size of the hash algorithm used when signing a hash. (The requirements when signing raw data are unchanged.)

The migration path is to pass the correct value to those functions.
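The following added example (not part of the migration guide or of Mbed TLS) models the new rule and applies it to constructed call sites, showing which argument patterns that worked before 3.0 now need fixing. `md_alg_t`, `md_size`, `hashlen_ok` and the call-site table are local stand-ins assumed for illustration, not the library's own types or functions.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins for Mbed TLS's md_alg values (assumption: not the library's
 * own enum); digest sizes are the standard output lengths in bytes. */
typedef enum { MD_NONE = 0, MD_SHA1, MD_SHA256, MD_SHA384, MD_SHA512 } md_alg_t;

static size_t md_size(md_alg_t alg) {
    switch (alg) {
    case MD_SHA1:   return 20;
    case MD_SHA256: return 32;
    case MD_SHA384: return 48;
    case MD_SHA512: return 64;
    default:        return 0;
    }
}

/* Model of the 3.0 rule: with a real hash algorithm, hashlen must equal the
 * digest size; with MD_NONE (raw data) this rule does not apply. */
int hashlen_ok(md_alg_t alg, size_t hashlen) {
    if (alg == MD_NONE)
        return 1;               /* raw-data requirements are unchanged */
    return hashlen == md_size(alg);
}

/* Constructed call sites: arguments as a pre-3.0 caller might pass them. */
struct call_site { const char *where; md_alg_t alg; size_t hashlen; };

static const struct call_site sites[] = {
    { "passes 0 because hashlen used to be ignored", MD_SHA256, 0 },
    { "passes sizeof() of a 64-byte scratch buffer", MD_SHA256, 64 },
    { "passes the SHA-256 digest size",              MD_SHA256, 32 },
    { "signs 20 bytes of raw data",                  MD_NONE,   20 },
};

/* Returns how many call sites must be fixed before moving to 3.0. */
int count_needing_migration(void) {
    int bad = 0;
    for (size_t i = 0; i < sizeof(sites) / sizeof(sites[0]); i++) {
        int ok = hashlen_ok(sites[i].alg, sites[i].hashlen);
        printf("%-45s -> %s\n", sites[i].where, ok ? "ok" : "fix hashlen");
        bad += !ok;
    }
    return bad;
}

int main(void) {
    return count_needing_migration() == 2 ? 0 : 1;
}
```

In real code, derive the length from the hash algorithm in use rather than from the size of the buffer holding the digest.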