library: pass NULL options parameter to mbedtls_pk_verify_ext()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index df7dfbf..114c32a 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -2100,15 +2100,7 @@
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if (pk_alg == MBEDTLS_PK_RSASSA_PSS) {
- mbedtls_pk_rsassa_pss_options rsassa_pss_options;
- rsassa_pss_options.mgf1_hash_id = md_alg;
- rsassa_pss_options.expected_salt_len =
- mbedtls_md_get_size_from_type(md_alg);
- if (rsassa_pss_options.expected_salt_len == 0) {
- return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
- }
-
- ret = mbedtls_pk_verify_ext(pk_alg, &rsassa_pss_options,
+ ret = mbedtls_pk_verify_ext(pk_alg, NULL,
peer_pk,
md_alg, hash, hashlen,
p, sig_len);
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index deba2ae..70175e0 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -227,11 +227,6 @@
unsigned char verify_hash[PSA_HASH_MAX_SIZE];
size_t verify_hash_len;
- void const *options = NULL;
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- mbedtls_pk_rsassa_pss_options rsassa_pss_options;
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
/*
* struct {
* SignatureScheme algorithm;
@@ -304,16 +299,8 @@
}
MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len);
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
- if (sig_alg == MBEDTLS_PK_RSASSA_PSS) {
- rsassa_pss_options.mgf1_hash_id = md_alg;
- rsassa_pss_options.expected_salt_len = PSA_HASH_LENGTH(hash_alg);
- options = (const void *) &rsassa_pss_options;
- }
-#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
-
- if ((ret = mbedtls_pk_verify_ext(sig_alg, options,
+ if ((ret = mbedtls_pk_verify_ext(sig_alg, NULL,
&ssl->session_negotiate->peer_cert->pk,
md_alg, verify_hash, verify_hash_len,
p, signature_len)) == 0) {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index b4c7d8a..faea404 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2059,7 +2059,7 @@
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
}
- if (mbedtls_pk_verify_ext(crl_list->sig_pk, crl_list->sig_opts, &ca->pk,
+ if (mbedtls_pk_verify_ext(crl_list->sig_pk, NULL, &ca->pk,
crl_list->sig_md, hash, hash_length,
crl_list->sig.p, crl_list->sig.len) != 0) {
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
@@ -2133,7 +2133,7 @@
(void) rs_ctx;
#endif
- return mbedtls_pk_verify_ext(child->sig_pk, child->sig_opts, &parent->pk,
+ return mbedtls_pk_verify_ext(child->sig_pk, NULL, &parent->pk,
child->sig_md, hash, hash_len,
child->sig.p, child->sig.len);
}
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 107d923..f3a161c 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -37,7 +37,7 @@
goto cleanup;
}
- if (mbedtls_pk_verify_ext(csr.sig_pk, csr.sig_opts, &csr.pk,
+ if (mbedtls_pk_verify_ext(csr.sig_pk, NULL, &csr.pk,
csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md),
csr.sig.p, csr.sig.len) != 0) {
ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED;