commit 3a0375fff43fba25b95ea9b765c504eba9194b2a
author Ronald Cron <ronald.cron@arm.com> Tue Jun 08 10:22:28 2021 +0200
committer Ronald Cron <ronald.cron@arm.com> Tue Jun 08 14:11:57 2021 +0200
tree ba8aa26d87fa328266c8ec1ea896c59519d69f38
parent 266b6d2121eb2bbfb68725fa3b3ba63e9accbcc5

Fail if a padding disabled by the build-time configuration is selected

Signed-off-by: Ronald Cron <ronald.cron@arm.com>

library/rsa.c

diff --git a/library/rsa.c b/library/rsa.c
index 26a93c1..a788337 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -500,9 +500,20 @@
 int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
                              mbedtls_md_type_t hash_id )
 {
-    if( ( padding != MBEDTLS_RSA_PKCS_V15 ) &&
-        ( padding != MBEDTLS_RSA_PKCS_V21 ) )
-        return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    switch( padding )
+    {
+#if defined(MBEDTLS_PKCS1_V15)
+        case MBEDTLS_RSA_PKCS_V15:
+            break;
+#endif
+
+#if defined(MBEDTLS_PKCS1_V21)
+        case MBEDTLS_RSA_PKCS_V21:
+            break;
+#endif
+        default:
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+    }
 
     if( ( padding == MBEDTLS_RSA_PKCS_V21 ) &&
         ( hash_id != MBEDTLS_MD_NONE ) )

programs/pkey/rsa_sign_pss.c

diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index e7fcf51..26056dd 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -119,7 +119,7 @@
                                          MBEDTLS_RSA_PKCS_V21,
                                          MBEDTLS_MD_SHA256 ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  ! Invalid padding\n" );
+        mbedtls_printf( " failed\n  ! Padding not supported\n" );
         goto exit;
     }
 

tests/suites/test_suite_rsa.function

diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 0865444..14b4afc 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -36,6 +36,20 @@
                                          invalid_hash_id ),
                 MBEDTLS_ERR_RSA_INVALID_PADDING );
 
+#if !defined(MBEDTLS_PKCS1_V15)
+    TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+                                         MBEDTLS_RSA_PKCS_V15,
+                                         MBEDTLS_MD_NONE ),
+                MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
+
+#if !defined(MBEDTLS_PKCS1_V21)
+    TEST_EQUAL( mbedtls_rsa_set_padding( &ctx,
+                                         MBEDTLS_RSA_PKCS_V21,
+                                         MBEDTLS_MD_NONE ),
+                MBEDTLS_ERR_RSA_INVALID_PADDING );
+#endif
+
 exit:
     mbedtls_rsa_free( &ctx );
 }