Removes mode param from mbedtls_rsa_rsassa_pss_verify
Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify
function and propagates the change
throughout the process.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index ab2d5a5..0b53eb7 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -1044,18 +1044,7 @@
* same. If \p hash_id in the RSA context is unset,
* the \p md_alg from the function call is used.
*
- * \deprecated It is deprecated and discouraged to call this function
- * in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
- * are likely to remove the \p mode argument and have it
- * implicitly set to #MBEDTLS_RSA_PUBLIC.
- *
- * \note Alternative implementations of RSA need not support
- * mode being set to #MBEDTLS_RSA_PRIVATE and might instead
- * return #MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED.
- *
* \param ctx The initialized RSA public key context to use.
- * \param mode The mode of operation. This must be either
- * #MBEDTLS_RSA_PUBLIC or #MBEDTLS_RSA_PRIVATE (deprecated).
* \param md_alg The message-digest algorithm used to hash the original data.
* Use #MBEDTLS_MD_NONE for signing raw data.
* \param hashlen The length of the message digest.
@@ -1073,7 +1062,6 @@
* \return An \c MBEDTLS_ERR_RSA_XXX error code on failure.
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 4108703..10ce30e 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -502,7 +502,6 @@
{
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
ret = mbedtls_rsa_rsassa_pss_verify( rsa,
- MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_NONE,
(unsigned int) hash_length,
hash,
diff --git a/library/rsa.c b/library/rsa.c
index 99a56b7..d3b4bf0 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -2297,7 +2297,6 @@
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
- int mode,
mbedtls_md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
@@ -2305,8 +2304,6 @@
{
mbedtls_md_type_t mgf1_hash_id;
RSA_VALIDATE_RET( ctx != NULL );
- RSA_VALIDATE_RET( mode == MBEDTLS_RSA_PRIVATE ||
- mode == MBEDTLS_RSA_PUBLIC );
RSA_VALIDATE_RET( sig != NULL );
RSA_VALIDATE_RET( ( md_alg == MBEDTLS_MD_NONE &&
hashlen == 0 ) ||
@@ -2316,10 +2313,12 @@
? (mbedtls_md_type_t) ctx->hash_id
: md_alg;
- return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL, mode,
- md_alg, hashlen, hash,
- mgf1_hash_id, MBEDTLS_RSA_SALT_LEN_ANY,
- sig ) );
+ return( mbedtls_rsa_rsassa_pss_verify_ext( ctx, NULL, NULL,
+ MBEDTLS_RSA_PUBLIC,
+ md_alg, hashlen, hash,
+ mgf1_hash_id,
+ MBEDTLS_RSA_SALT_LEN_ANY,
+ sig ) );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -2423,8 +2422,8 @@
#if defined(MBEDTLS_PKCS1_V21)
case MBEDTLS_RSA_PKCS_V21:
- return mbedtls_rsa_rsassa_pss_verify( ctx, MBEDTLS_RSA_PUBLIC, md_alg,
- hashlen, hash, sig );
+ return mbedtls_rsa_rsassa_pss_verify( ctx, md_alg,
+ hashlen, hash, sig );
#endif
default:
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index b9d7b59..8475036 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -316,22 +316,18 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_verify( NULL,
- MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ),
buf, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_verify( &ctx,
- MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ),
NULL, buf ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_verify( &ctx,
- MBEDTLS_RSA_PUBLIC,
0, sizeof( buf ),
buf, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_rsassa_pss_verify( &ctx,
- MBEDTLS_RSA_PUBLIC,
MBEDTLS_MD_SHA1,
0, NULL,
buf ) );