RSA verification: don't report an invalid padding error

Mbed TLS distinguishes "invalid padding" from "valid padding but the
rest of the signature is invalid". This has little use in practice and
PSA doesn't report this distinction. We just report "invalid
signature".
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 8aa3145..0100441 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1959,6 +1959,12 @@
     {
         return( PSA_ERROR_INVALID_ARGUMENT );
     }
+
+    /* Mbed TLS distinguishes "invalid padding" from "valid padding but
+     * the rest of the signature is invalid". This has little use in
+     * practice and PSA doesn't report this distinction. */
+    if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )
+        return( PSA_ERROR_INVALID_SIGNATURE );
     return( mbedtls_to_psa_error( ret ) );
 }
 #endif /* MBEDTLS_RSA_C */
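Review bot: The added `if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )` is left unbraced although the `return( PSA_ERROR_INVALID_ARGUMENT );` just above it sits in braces; the new return should be wrapped the same way so a later edit cannot detach it from its condition. The comment justifies the mapping only by "little use in practice"; it could also state the contract, for example `/* Verification reports one failure code whichever check failed. */`, so the special case is not removed later as redundant. The function starts outside the hunk, so which padding modes reach this line is not visible here. The remap is visible only on the verify path; how the decryption path reports padding failures, where a distinct padding error is the more sensitive case, should be confirmed separately. A regression test that a signature with corrupted padding yields `PSA_ERROR_INVALID_SIGNATURE` would pin the behaviour.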